Commit graph

2481 commits

Author SHA1 Message Date
josesimoes
23419560c9 Remove prompt to exit in all programs
Signed-off-by: José Simões <jose.simoes@eclo.solutions>
2022-05-06 17:11:22 +01:00
Przemek Stekiel
cb20d202d2 Further code optimization
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 09:34:30 +02:00
Przemek Stekiel
296bfba924 ssl_server2: add key_opaque_algs2 usage info
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:08:34 +02:00
Przemek Stekiel
1d25e076f3 ssl_client2: fix default key opaque algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:05:10 +02:00
Przemek Stekiel
488efa05b6 Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
134eb8b6e2 Fix style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
092128324f ssl_client2/ss_server2: optimize code for opaque key
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
76a41f5a52 ssl_test_lib: fix compilation flags for default config
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
e5e9ba920f ssl_server2: refactor opaque code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
89132a6ab0 Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
b58c47a666 ssl_server2: use key opaque algs given from command line
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
344c561292 ssl_server2: Add support for key_opaque_algs2 command line paramtere
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
a17b5c6ba2 ssl_client: use key opaque algs given from command line
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
01396a16da ssl_test_lib: add function translate given opaque algoritms to psa
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
77fc9ab1ba Fix typos and code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
4ca0d72c3b ssl server: add key_opaque_algs command line option
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
f1822febc4 ssl client: add key_opaque_algs command line option
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
85d692d1c4 ssl client/server: add parsing function for key_opaque_algs command line option
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Neil Armstrong
94e371af91 Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap
Improve benchmarking of ECC heap usage
2022-04-22 16:43:11 +02:00
Przemek Stekiel
cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877 Enable support for psa opaque ECDHE-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
fc72e428ed ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Martin Storsjö
5c1479d04a Use QueryPerformanceCounter as fallback timer on non-x86 mingw
The QueryPerformanceCounter implementation previously was within
defined(_MSC_VER), but it works just as well on other Windows
toolchains, like mingw.

For most common mingw x86 build configurations, one of the earlier
inline assembly implementations would end up used, but for non-x86
(arm, aarch64), it would end up falling back on the gettimeofday
implementation.

This implementation did build successfully (as mingw toolchains do
provide gettimeofday, contrary to MSVC), but the header providing
gettimeofday, <sys/time.h>, wasn't ever included when building
targeting Windows - thus the function was called without a proper
declaration.

Clang 15 changes such implicit function declarations into a hard
error by default, when building in C99 mode (or newer) [1].
(While Clang 15 still is under development, this may still change
before it's released, but it's a valid issue in any case.)

[1] 7d644e1215

Signed-off-by: Martin Storsjö <martin@martin.st>
2022-04-22 13:12:52 +03:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
Add client hello into server side
2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard
21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12
RSA sign 3b: TLS 1.2 integration testing
2022-04-22 10:05:43 +02:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
XiaokangQian
318dc763a6 Fix test failure issue and update code styles
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 09:43:51 +00:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Neil Armstrong
f0b1271a42 Support RSA Opaque PK keys in ssl_server2
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Thomas Daubney
88fed8e700 Rewrite ecdh_curve25519 program
Rewrite the example ECDH x25519 program using the
high-level ECDH API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-12 14:37:16 +01:00
Dave Rodgman
ed35887fc8
Merge pull request #2104 from hanno-arm/iotssl-2071
Check that integer types don't use padding bits in selftest
2022-04-11 17:26:08 +01:00
Dave Rodgman
8f5a29ae40 Improve fix for printf specifier
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-11 12:59:45 +01:00
Dave Rodgman
eaba723139 Fix printf specifier
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-11 10:07:38 +01:00
Dave Rodgman
e2e7e9400b Fail for types not of size 2, 4 or 8
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:30 +01:00
Hanno Becker
baae59cd49 Improve documentation of absence-of-padding check
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:29 +01:00
Hanno Becker
0d7dd3cd43 Check that size_t and ptrdiff_t don't have padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:26 +01:00
Hanno Becker
4ab3850605 Check that integer types don't use padding bits in selftest
This commit modifies programs/test/selftest to include a check that
none of the standard integer types (unsigned) [short, int, long, long]
uses padding bits, which we currently don't support.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:45:05 +01:00
Gilles Peskine
e756f642cd Seed the PRNG even if time() isn't available
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:46:41 -04:00
Gilles Peskine
99a732bf0c Fix off-by-one in buffer_size usage
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:34:36 +02:00
Gilles Peskine
8bb96d96cd Fix buffer size calculation
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:31:05 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Jerry Yu
79c004148d Add PSA && TLS1_3 check_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512}
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
server certificate selection callback
2022-03-10 11:51:42 +01:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
Andrzej Kurek
541318ad70 Refactor ssl_context_info time printing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
554b820747 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
6056e7af4f Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
06a00afeec Fix requirement mismatch in fuzz/common.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
ca53459bed programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
4e0cc40d0f programs/fuzz: Use build_info.h in common.h
Remove direct inclusion of mbedtls_config.h and replace with
build_info.h, as is the convention in Mbed TLS 3.0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
5b9cb9e8ca programs/test: fix build without MBEDTLS_HAVE_TIME
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
Raoul Strackx
9ed9bc9377 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Przemek Stekiel
3f076dfb6d Fix comments for conditional compilation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 09:36:46 +01:00
Glenn Strauss
48a37f01b3 Add cert_cb use to programs/ssl/ssl_server2.c
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Gilles Peskine
fd222da2e9 Fix the build when MBEDTLS_PLATFORM_C is unset
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 15:26:40 +01:00
Manuel Pégourié-Gonnard
6d2479516c
Merge pull request #5533 from paul-elliott-arm/fix_fuzz_privkey_null_ctx
Fix null context when using dummy_rand with mbedtls_pk_parse_key()
2022-02-16 09:55:01 +01:00
Paul Elliott
5d7e61fb61 Fix uninitialised return value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-15 16:05:17 +00:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref
Ensure ctr_drbg is initialised every time in fuzz_server
2022-02-15 10:31:03 +01:00
Paul Elliott
a1dc3e5a60 Add safety to dummy_random in case of NULL context
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 18:26:21 +00:00
Przemyslaw Stekiel
169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 17:15:04 +01:00
Paul Elliott
bb0168144e Ensure valid context is used in fuzz_dtlsserver
A valid ctr_drbg context is now a prerequisite for using dummy_random()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 15:57:11 +00:00
Paul Elliott
51a7679a8e Ensure context is passed in to dummy_rand
In fuzz_privkey, we switched over to using dummy_rand(), which uses
ctr_drbg internally, and thus requires an initialised ctr_drbg_context
to be passed in via p_rng when calling mbedtls_pk_parse_key().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-11 19:10:14 +00:00
Paul Elliott
00738bf65e Ensure ctr_drbg is initialised every time
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-10 18:38:53 +00:00
Glenn Strauss
a941b62985 Create public macros for ssl_ticket key,name sizes
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 15:28:28 -05:00
Glenn Strauss
e328245618 Add test case use of mbedtls_ssl_ticket_rotate
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard
9193f7d836
Merge pull request #5436 from mpg/prog-hmac-cipher-psa
PSA: example programs for HMAC and AEAD vs legacy
2022-02-09 10:53:49 +01:00
Manuel Pégourié-Gonnard
ae1bae8412 Give a magic constant a name
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:36:28 +01:00
Manuel Pégourié-Gonnard
c82504e22c Clean up output from cipher_aead_demo
Used to print "cipher:" when it was the cipher part of a program that
had both cipher and PSA. Now it doesn't really make sense. Align the
output to match the PSA version of this program.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:31:36 +01:00
Manuel Pégourié-Gonnard
5e6c884315 Improve info() function in cipher_aead_demo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:29:59 +01:00
Manuel Pégourié-Gonnard
64754e1b8d Wrap long lines
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:21:14 +01:00
Manuel Pégourié-Gonnard
340808ca67 Add comments on error codes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:15:26 +01:00
Manuel Pégourié-Gonnard
48bae0295c Avoid hardcoding a size
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:14:58 +01:00
Manuel Pégourié-Gonnard
cf99beb8fe Improve naming consistency
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 10:54:26 +01:00
Manuel Pégourié-Gonnard
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity
Clarify key types message from ssl_client2 and ssl_server2
2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Manuel Pégourié-Gonnard
f6ea19c66c Work around bug in PSA_MAC_LENGTH()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 13:08:21 +01:00
Manuel Pégourié-Gonnard
12ec5719e7 Fix bug in md_hmac_demo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:47:46 +01:00
Manuel Pégourié-Gonnard
29088a4146 Avoid duplicate program names
Visual Studio and CMake didn't like having targets with the same name,
albeit in different directories.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:38:26 +01:00
Manuel Pégourié-Gonnard
6fdc9e8df1 Move aead_non_psa out of the psa/ directory
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:29:13 +01:00
Gilles Peskine
cc50f1be43 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-31 22:53:30 +01:00
Manuel Pégourié-Gonnard
69bb3f5332 Move hmac_non_psa out of psa/ directory
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 13:09:47 +01:00
Manuel Pégourié-Gonnard
248b385f1b Add comments to AEAD (non-PSA) examples
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:56:39 +01:00
Manuel Pégourié-Gonnard
6349794648 Demonstrate better practices in HMAC examples
- avoid hardcoded sizes when there's a macro for that
- avoid mutable global variables
- zeroize potentially-sensitive local buffer on exit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:30:02 +01:00
Manuel Pégourié-Gonnard
f392a02c50 Add comments to the HMAC (non-)PSA examples
Also clean up / align the structure on existing examples.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:06:07 +01:00
Manuel Pégourié-Gonnard
fd1d13c8bd Avoid requiring too much C99 support
MSVC 2013, still supported and used in our CI, did not support that.

   aead_psa.c(78): error C2099: initializer is not a constant
   aead_psa.c(168): error C2057: expected constant expression
   aead_psa.c(168): error C2466: cannot allocate an array of constant size 0
   aead_psa.c(168): error C2133: 'out' : unknown size
   aead_psa.c(169): warning C4034: sizeof returns 0

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 12:52:35 +01:00
Manuel Pégourié-Gonnard
7d5ef1731b Split aead_cipher_psa
Same as previous commit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 12:49:37 +01:00
Manuel Pégourié-Gonnard
edf6e83cbc Split hmac_md_psa.c
Having two programs might make comparison easier, and will make it
easier to people to use just the PSA one as an example.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:36:39 +01:00
Manuel Pégourié-Gonnard
1a45c713f0 Fix cleanup code
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:22:28 +01:00
Manuel Pégourié-Gonnard
3aae30c224 Use PSA macros for buffer sizes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard
beef9c231c Use better names for dummy data
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard
428a97ed47 Improve option names
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 11:36:03 +01:00
Manuel Pégourié-Gonnard
0e725c33d4 Improve introductory comments.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 11:35:05 +01:00
Gilles Peskine
05bf89da34 Clarify key types message from ssl_client2 and ssl_server2
If no key is loaded in a slot, say "none", not "invalid PK".

When listing two key types, use punctuation that's visibly a sequence
separator (",").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 17:50:25 +01:00
Jerry Yu
11f0a9c2c4 fix deprecated-declarations error
replace sig_hashes with sig_alg

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets
TLS Cipher 1a: extend testing of tickets
2022-01-24 10:25:29 +01:00
Glenn Strauss
6eef56392a Add tests for accessors for ciphersuite info
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-23 08:37:02 -05:00
Andrzej Kurek
7a58d5283b Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:02 -05:00
Manuel Pégourié-Gonnard
aab5258b7a Avoid using %zu, not supported everywhere yet.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-19 10:28:32 +01:00
Manuel Pégourié-Gonnard
24e82ded79 Fix type of temporary variable
Both functions use int. Using size_t results is a warning from MSVC.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:29:41 +01:00
Manuel Pégourié-Gonnard
763641a3f5 Rm use of non-standard __func__ in example programs
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-17 11:58:54 +01:00
Manuel Pégourié-Gonnard
9efbf53f0e Declare incompatibility in new programs
Existing example programs in this directory are already incompatible
with that option, so this is probably acceptable here too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-17 11:57:44 +01:00
Manuel Pégourié-Gonnard
ecffd96910 Silence compiler warning in example program
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-14 13:23:54 +01:00
Manuel Pégourié-Gonnard
398d45985b Add example program psa/aead_cipher_psa
This is meant to highlight similarities and differences in the APIs.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-14 12:48:13 +01:00
Gabor Mezei
d4bea1efd5
Add ticket_aead option for ssl_server2
The ticket_aead option allows to specify the session ticket protection.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-01-12 16:21:15 +01:00
Manuel Pégourié-Gonnard
667b556dbc Add example program psa/hmac_md_psa
This is meant to highlight similarities and differences in the
multi-part HMAC APIs.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-07 12:20:54 +01:00
Manuel Pégourié-Gonnard
bf5b46c1ee Fix alignment in benchmark output
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-05 10:34:17 +01:00
Manuel Pégourié-Gonnard
6ced002a69 Count allocs without side-effects
At the end of the benchmark program, heap stats are printed, and these
stats will be wrong if we reset counters in the middle.

Also remove the function to reset counters, in order to encourage other
programs to behave correctly as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-05 10:08:59 +01:00
Manuel Pégourié-Gonnard
cd4ad0c67a No need to call a function to avoid a warning.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-05 09:54:37 +01:00
Manuel Pégourié-Gonnard
68322c4594 Remove old useless function from benchmark
This no longer makes sense since pre-computed multiples of the base
point are now static. The function was not doing anything since `grp.T`
was set to `NULL` when exiting `ecp_mul_comb()` anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-04 11:14:42 +01:00
Manuel Pégourié-Gonnard
c4055446c4 Use alloc counters in memory benchmarking
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-04 10:24:01 +01:00
Manuel Pégourié-Gonnard
a93aa580dc Fix build failure in benchmark in reduced configs
The "proper" fix would be to define the function only when it's needed,
but the condition for that would be tedious to write (enumeration of all
symmetric crypto modules) and since this is a utility program, not the
core library, I think it's OK to keep unused functions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-04 09:47:54 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function
Add list config function
2021-12-10 18:30:06 +00:00
Ronald Cron
2331fdb280
Merge pull request #5293 from ronald-cron-arm/tls13-mvp-misc
Miscellaneous final changes for TLS 1.3 MVP release
2021-12-10 17:46:47 +01:00
Jerry Yu
29ceb564f8 fix help message issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 23:38:57 +08:00
Gilles Peskine
f1c30b2a94 Check return values in more places
Selective replacement of
```
^\( *\)\(mbedtls_\(md\|cipher\)_[A-Z_a-z0-9]+\)\((.*)\);
```
by
```
\1if( \2\4 != 0 )
\1{
\1    mbedtls_fprintf( stderr, "\2() returned error\\n" );
\1    goto exit;
\1}
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 14:25:45 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Jerry Yu
a15f3cc350 Add list_config into query_comile_time_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 16:31:01 +08:00
Jerry Yu
84e63a73cd Add list_config generation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 16:30:57 +08:00
Gilles Peskine
1dc3c4553d
Merge pull request #5295 from paul-elliott-arm/crypt_and_hash_prog
Add checks for return values to md functions in crypt and hash
2021-12-09 23:32:59 +01:00
Paul Elliott
ef9cccaf3c Fix printf format specifier
Also mark function as printf variant so compiler will pickup any future
issues.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 17:25:04 +00:00
Paul Elliott
d79d3eb736 Add checks for return values to md functions
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 17:18:10 +00:00
Paul Elliott
3820c150d1 Prevent resource leak
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 12:48:51 +00:00
Dave Rodgman
351c71b7f2 Fix builds when config.h only defines MBEDTLS_BIGNUM_C
Fixes #4929

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-06 17:50:53 +00:00
Xiaofei Bai
d25fab6f79 Update based on comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Xiaofei Bai
6dc90da740 Rebased on 74217ee and add fixes
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120 Rebase and add fixes
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:09:26 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Ronald Cron
74217ee03c
Merge pull request #5202 from xkqian/pr/add_rsa_pkcsv15
Pr/add rsa pkcsv15
2021-11-26 08:07:11 +01:00
Gilles Peskine
a0e57ef84f
Merge pull request #5131 from gilles-peskine-arm/dlopen-test
dlopen test
2021-11-25 22:03:27 +01:00
XiaokangQian
4d2329fd8a Change code based on reviews
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-25 02:21:16 +00:00
XiaokangQian
25476a48b9 Change code based on review
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 14:01:21 +00:00
XiaokangQian
ff5f6c8bb0 Refine test code and test scripts
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 08:49:51 +00:00
XiaokangQian
f977e9af6d Add componet test and rsa signature options
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 07:19:23 +00:00
XiaokangQian
bdf26de384 Fix test failure and remove useless code
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 09:52:56 +00:00
XiaokangQian
4b82ca1b70 Refine test code and test scripts
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
paul-elliott-arm
61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak
ssl_client2, ssl_server2: add check for psa memory leaks
2021-11-17 11:54:44 +00:00
Gilles Peskine
834d229117 Fix dynamic library extension on macOS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-12 14:30:22 +01:00
Gilles Peskine
7fb54c5674 More explicit output for the test program
Without that, the logs were a bit hard to understand if you didn't know what
to expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 21:08:28 +01:00
Gilles Peskine
b6a0299708 Avoid undefined variable warning without MBEDTLS_MD_C
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 19:11:32 +01:00
Gilles Peskine
88e3e70df5 Use CMake's knowledge of what system library has dlopen()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 19:10:27 +01:00
Gilles Peskine
f80a029f28 Don't build dlopen when building for Windows
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 19:05:20 +01:00
Gilles Peskine
5dbee582a3 Only link with libdl on Linux
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 19:05:20 +01:00
Gilles Peskine
ca144597e8 Run the dlopen test in shared library builds
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 19:05:20 +01:00
Gilles Peskine
a7c247e87d New test app for dynamic loading of libmbed* with dlopen
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 19:05:20 +01:00
Przemyslaw Stekiel
d6914e3196 ssl_client2/ssl_server2: Rework ordering of cleanup
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-10 10:46:11 +01:00
Przemyslaw Stekiel
505712338e ssl_client2: move memory leak check before rng_free()
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-03 14:19:52 +01:00
Przemyslaw Stekiel
53de2622f3 Move psa_crypto_slot_management.h out from psa_crypto_helpers.h
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-03 09:35:35 +01:00
Przemyslaw Stekiel
bbb22bbd9e ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free())
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-03 09:06:09 +01:00
Manuel Pégourié-Gonnard
0dbe1dfa1c
Merge pull request #4859 from brett-warren-arm/supported_groups
Add mbedtls_ssl_conf_groups to API
2021-11-02 10:49:09 +01:00
Brett Warren
25386b7652 Refactor ssl_{server2,client2} for NamedGroup IDs
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 14:07:46 +01:00
Przemyslaw Stekiel
fed825a9aa ssl_client2, ssl_server2: add check for psa memory leaks
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-29 12:32:26 +02:00
Manuel Pégourié-Gonnard
4c9313fcd9
Merge pull request #4514 from mpg/generated-files-cmake
Generated files cmake
2021-10-28 09:23:41 +02:00
Manuel Pégourié-Gonnard
475bfe626e
Merge pull request #5108 from gilles-peskine-arm/base64-no-table-3.0
range-based constant-flow base64
2021-10-27 12:18:21 +02:00
Manuel Pégourié-Gonnard
9317e09d15
Merge pull request #5007 from mprse/pk_opaque
Add key_opaque option to ssl_server2.c + test
2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel
c2d2f217fb ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-26 12:24:34 +02:00
Gilles Peskine
680747b868 Fix the build of sample programs without mbedtls_strerror
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
987984482d Fix printf format signedness error
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
9a2114ca57 load_roots: properly error out on an invalid option
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
01997e119f load_roots: fix no-argument detection
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
618a70ede7 load_roots: arguments must be files
I had originally thought to support directories with
mbedtls_x509_crt_parse_path but it would have complicated the code more than
I cared for. Remove a remnant of the original project in the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
2c1442ebc0 New sample program to benchmark certificate loading
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:08:33 +02:00
David Horstmann
a8d1406107 Rename DEV_MODE to GEN_FILES
GEN_FILES is a bit clearer as it describes what the setting
does more precisely.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
3e30ad9b0d Use MBEDTLS_PYTHON_EXECUTABLE
Change one occurrence of ${PYTHON} to ${MBEDTLS_PYTHON_EXECUTABLE}
and add implied ${MBEDTLS_PYTHON_EXECUTABLE} to the start of a
different command.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
d64f4b249c Fix assorted spelling and wording issues
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
e90e405e15 Introduce "Dev mode" option
When the option is On, CMake will have rules to generate the generated
files using scripts etc. When the option is Off, CMake will assume the
files are available from the source tree; in that mode, it won't require
any extra tools (Perl for example) compared to when we committed the
files to git.

The intention is that users will never need to adjust this option:

- in the development branch (and features branches etc.) the option is
always On (development mode);
- in released tarballs, which include the generated files, we'll switch
the option to Off (release mode) in the same commit that re-adds the
generated files.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
15a42c3e26 Allow CMake to generate psa_constant_names_generated.c
This one's a bit funny too as the generated file is not a source to the
executable (ie, it's not passed as an argument to the compiler), so
CMake's dependency resolution didn't work even though the file is in the
same directory.

For some reason, the following didn't work either:

    add_dependencies(psa_constant_names
        ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c)

So, apply the same strategy as for cross-directory use of a generated
file by creating a target and using it as a dependency.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:03 +01:00
Manuel Pégourié-Gonnard
86cfa6c27f Allow CMake to generate query_config.c
This one was trickier for two reasons:

1. It's used from another directory, see
https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory

2. The C file being generated after CMake is run means CMake can't
automatically scan for included headers and do its usual magic, so we
need to declare the dependency and more importantly the include path.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:03 +01:00
Manuel Pégourié-Gonnard
aedca0c993 Simplify source declarations in ssl/CMakeLists.txt
query_config was added twice, and while at it let's declare all the
sources in one place

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:03 +01:00
Przemyslaw Stekiel
8132c2ff46 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-21 12:26:58 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
db0ed7c579 ssl_server2.c: fix build err (key_slot - unused variable)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 15:11:43 +02:00
Przemyslaw Stekiel
0483e3d652 Add key_opaque option to ssl_server2.c + test
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-04 11:28:22 +02:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
Gilles Peskine
bfe3d87f24
Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info
Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
2021-09-29 12:37:09 +02:00
Gilles Peskine
5b8618b44c fixup: Make the fields of mbedtls_ecp_curve_info public
Remove more places where MBEDTLS_PRIVATE() was used on grp_id, which is now
public.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-28 12:34:53 +02:00
Gilles Peskine
7820a574f1 Catch failures of AES or DES operations
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 16:22:08 +02:00
Gilles Peskine
0bf740ee4f
Merge pull request #4765 from gilles-peskine-arm/all.sh-subshells-3.0
Run all.sh components in a subshell
2021-09-02 10:26:58 +02:00
Gilles Peskine
88d681ca35 Make size_t -> int downcasts explicit
mbedtls_cipher_setkey takes an int argument. Cast explicitly, otherwise MSVC
complains.

Where possible, just stick to size_t.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 16:57:23 +02:00
Gilles Peskine
ca939959e4 Allow read-only access to lists of certificates, CRL, CRL entries
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 23:18:07 +02:00
Gilles Peskine
842edf474c Make many fields of X.509 structures public
The structures mbedtls_x509_time, mbedtls_x509_crl_entry, mbedtls_x509_crl,
mbedtls_x509_crt, mbedtls_x509_san_other_name,
mbedtls_x509_subject_alternative_name, mbedtls_x509_csr are designed to
expose the result of parsing X.509 data. Document many of their fields as
being publicly readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00
Gilles Peskine
b11d61e095 mbedtls_net_context: make fd public on Unix/POSIX platforms
On platforms with BSD-like sockets, it is useful for applications to have
access to the underlying file descriptor so that they can use functions like
select() and poll().

Do not promise that the field will exist on other platforms such as
Windows (where the type and name of the field are technically wrong because
Windows socket handles are actually not file descriptors).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00
Gilles Peskine
80932fa944 Don't access cipher_info private fields in sample programs
Use the new accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:52:41 +02:00
Gilles Peskine
a73b577744 Make the fields of mbedtls_ecp_curve_info public
The whole point of this structure is to provide information, both for the
library's own sake and to applications.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:52:41 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Jerry Yu
31c01d303e Rename available values for tls13_kex_modes
Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:53 +08:00
Jerry Yu
447a3bee17 fix wrong typo and format issues
Change-Id: I99a4c7d28c26bfcc43bc8947485d1dfafb6974dc
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-18 09:55:36 +08:00
Jerry Yu
7276f13c93 fix comments for sig_algs parser
Change-Id: I68bd691c4b67fb18ff9d55ead34f5517b1b981de
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-17 18:25:57 +08:00
Hanno Becker
a9e4e6fd6f ssl_server2: Add usage string for TLS 1.3 key exchange modes
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:52 +01:00
Hanno Becker
cfa4d4b3f5 ssl_client2: Adjust usage string to recognized cmd line parameter
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
2c0f697fbc Support TLS 1.3 key exchange config in ssl_client2/ssl_server2
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
11ceadd382 Add cmdline param for TLS 1.3 sig alg config to ssl_{client,server}2
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 13:55:46 +01:00
Jerry Yu
2a572cf376 Move socket setup behind ssl structure setup.
If socket setup fail, ssl structure setup won't be called.
And the order of them do not affect final result, but it
will break ssl setup negative tests.

Change the order can fix that.

issue: #4844

Change-Id: I2488ed5f74773421eb1eac0cfd7f1ce4fbb0b32d
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-09 18:57:24 +08:00
Jerry Yu
b1dc59a125 Add tls1.3 parameters to ssl_{client,server2}
To support tls1.3 relative tests, add `tls1_3`
parameter for `{min,max}_version` and `force_version`

issues: #4844

Change-Id: I1b22a076582374b8aabc733086562e9d03a94a2a
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-09 18:57:24 +08:00
Gilles Peskine
91e890e2fc Add documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-05 15:23:00 +02:00
Gilles Peskine
3cbd69c4d4 Switch to 4-space indentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-05 15:10:27 +02:00
Gilles Peskine
8b427c851e Use python3 when building on non-Windows for Windows
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.

The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.

Fix #4774

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:26:08 +02:00
Gilles Peskine
03ab544832 Generate cpp_cummy_build.cpp dynamically
Generate programs/test/cpp_dummy_build.cpp dynamically instead of
maintaining it manually. This removes the need to update it when the list of
headers changes.

Include all the headers unconditionally except for the ones that cannot be
included directly.

Support this dynamic generation both with make and with cmake.

Adapt all.sh accordingly. Remove the redundant C build from
component_build_default_make_gcc_and_cxx (it was also done in
component_test_default_out_of_box), leaving a component_test_make_cxx. Also
run the C++ program, because why not. Do this in the full configuration
which may catch a bit more problems in headers.

Fixes #2570 for good.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:19:31 +02:00
Gilles Peskine
ac694b9eac
Merge pull request #4754 from mpg/fix-overly-aggressive-udp-proxy
Fix bug with UDP proxy not forwarding enough
2021-07-09 11:57:43 +02:00
Manuel Pégourié-Gonnard
e5306f6c1d Use distinct variables for distinct purposes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-07-07 10:48:26 +02:00
Manuel Pégourié-Gonnard
71ce4ef981 Fix bug with UDP proxy not forwarding enough
We previously introduced a safety check ensuring that if a datagram had
already been dropped twice, it would no longer be dropped or delayed
after that.

This missed an edge case: if a datagram is dropped once, it can be
delayed any number of times. Since "delay" is not defined in terms of
time (x seconds) but in terms of ordering with respect to other messages
(will be forwarded after the next message is forwarded), depending on
the RNG results this could result in an endless loop where all messages
are delayed until the next, which is itself delayed, etc. and no message
is ever forwarded.

The probability of this happening n times in a row is (1/d)^n, where d
is the value passed as delay=d, so for delay=5 and n=5 it's around 0.03%
which seems small but we still happened on such an occurrence in real
life:

    tests/ssl-opt.sh --seed 1625061502 -f 'DTLS proxy: 3d, min handshake, resumption$'

results (according to debug statements added for the investigation) in
the ClientHello of the second handshake being dropped once then delayed
5 times, after which the client stops re-trying and the test fails for
no interesting reason.

Make sure this doesn't happen again by putting a cap on the number of
times we fail to forward a given datagram immediately.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-07-06 12:39:43 +02:00
Manuel Pégourié-Gonnard
69c10a41c7 Fix memory leak on failure path in test code
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-07-06 12:05:23 +02:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Bence Szépkúti
bb0cfeb2d4 Rename config.h to mbedtls_config.h
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Bence Szépkúti
c662b36af2 Replace all inclusions of config.h
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.

This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:07 +01:00
Dave Rodgman
10bda58b49
Merge pull request #4259 from CJKay/cmake-config
Add CMake package config file
2021-06-25 20:32:13 +01:00
Gilles Peskine
f00f152444 Add output size parameter to signature functions
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export
Implement modified key export API for Mbed TLS 3.0
2021-06-22 18:52:37 +02:00
Gilles Peskine
6e3187b212 RSA: Use hashlen as the hash input size as documented
Where hashlen was previously ignored when the hash length could be
inferred from an md_alg parameter, the two must now match.

Adapt the existing tests accordingly. Adapt the sample programs accordingly.

This commit does not add any negative testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 18:39:53 +02:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext
Remove truncated HMAC extension
2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
Hanno Becker
296fefeb98 Fix return type of example key export callbacks
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-21 09:33:02 +01:00
Hanno Becker
7e6c178b6d Make key export callback and context connection-specific
Fixes #2188

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
c4c38caca5 Adjust example programs to new key export API
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
2d6e6f8fec Remove '_ext' suffix from SSL key exporter API
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard
9a32d45819
Merge pull request #4517 from hanno-arm/ticket_api_3_0
Implement 3.0-API for SSL session resumption
2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory
Make blinding mandatory
2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test
Move part of timing module out of the library
2021-06-18 16:35:58 +01:00
Manuel Pégourié-Gonnard
6ff9ef56a5 Fix cmake build of fuzz_privkey
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:41:01 +02:00
Manuel Pégourié-Gonnard
6f19ce317b Fix async support in ssl_server2
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard
1503a9adab Use a proper DRBG in programs
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:40:15 +02:00
Manuel Pégourié-Gonnard
7f93da1265 Use the dedicated dummy_random in fuzzing programs
Also make sure to initialize the DRBG before using it in fuzz_server
(dummy_random uses ctr_drbg internally).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
36a8963b3b Fix cmake build of programs
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
84dea01f36 Add RNG params to private key parsing
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).

This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().

Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
39be1410fd Add RNG parameter to check_pair functions
- mbedtls_ecp_check_pub_priv() because it calls ecp_mul()
- mbedtls_pk_check_pair() because it calls the former

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Thomas Daubney
40d49b1e54 Removes truncated HMAC code from ssl_context_info program
Commit removes conditional compilation block
which depends on MBEDTLS_SSL_TRUNCATED_HMAC
config option.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
Thomas Daubney
909d3bfa43 Removes MBEDTLS_SSL_TRUNCATED_HMAC code from fuzz programs
Commit removes conditional compilation code blocks
dependent on MBEDTLS_SSL_TRUNCATED_HMAC config
option.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
Thomas Daubney
22989d027a Removes MBEDTLS_SSL_TRUNCATED_HMAC code from ssl programs
Commit removes code dependent on
MBEDTLS_SSL_TRUNCATED_HMAC from SSL
client and sever example programs.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Gilles Peskine
17575dcb03
Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd
Rename the _ret() functions
2021-06-15 20:32:07 +02:00
TRodziewicz
9a9609ee06 Make static all the functions moved to bechmark.c
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 15:48:17 +02:00
TRodziewicz
90f304ff1a Fixing test_clang_opt (asm not defined)
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 15:48:01 +02:00
TRodziewicz
d854083773 Move part of timing module out of the library
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 15:47:44 +02:00
Gilles Peskine
bf69ea5b8f Make some fields of mbedtls_ecp_group public
The Mbed TLS code relies heavily on reading certain fields of
mbedtls_ecp_group directly. Make these fields public. Require
that MBEDTLS_ECP_ALT alternative implementations have them.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
487bbf6805 DHM: new functions to query the length of the modulus
Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to
query the length of the modulus in bytes or bits.

Remove the len field: the cost of calling mbedtls_dhm_get_len() each time
it's needed is negligible, and this improves the abstraction of the DHM
module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Ronald Cron
c4c761e35e Merge remote-tracking branch 'mbedtls/development' into mbedtls_private_with_python
Conflicts:
    include/mbedtls/ssl.h
    include/psa/crypto_struct.h

Conflicts fixed by using the code from development branch
and manually re-applying the MBEDTLS_PRIVATE wrapping.
2021-06-14 16:17:32 +02:00
TRodziewicz
26371e4793 Rename the _ret() functions
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-08 16:45:41 +02:00
Ronald Cron
3a0375fff4 Fail if a padding disabled by the build-time configuration is selected
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:57 +02:00
Ronald Cron
c1905a1c3d Change mbedtls_rsa_init() signature
Remove padding parameters as mbedtls_rsa_init()
cannot return an error code when padding
parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:19 +02:00
Ronald Cron
ea7631be1c Change mbedtls_rsa_set_padding() signature
mbedtls_rsa_set_padding() now returns the error
code MBEDTLS_ERR_RSA_INVALID_PADDING when
padding parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:10 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api
Remove MFL query API and add API for maximum plaintext size of incoming records
2021-06-08 11:07:27 +02:00
Hanno Becker
59d3670fa5 Fix ssl-opt.sh test cases grepping for MFL configuration output
Use and grep for the new max in/out record payload length API instead.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-08 05:35:29 +01:00
Mateusz Starzyk
854a25c7a4 Merge branch 'development' into mbedtls_private_with_python
Conflicts:
         include/mbedtls/ecp.h

Conflict resolved by using the code from development branch
and manually applying the MBEDTLS_PRIVATE wrapping.
2021-06-07 09:49:01 +02:00
Chris Kay
d259e347e6 Add CMake package config file
This change enables automatic detection and consumption of Mbed TLS
library targets from within other CMake projects. By generating an
`MbedTLSConfig.cmake` file, consuming projects receive a more complete
view of these targets, allowing them to be used as dependencies which
properly inherit the transitive dependencies of the libraries.

This is fairly fragile, as it seems Mbed TLS's libraries do not appear
to properly model their dependencies on other targets, including
third-party dependencies. It is, however, sufficient for building and
linking the compiled Mbed TLS libraries when there are no third-party
dependencies involved. Further work is needed for more complex
use-cases, but this will likely meet the needs of most projects.

Resolves #298. Probably useful for #2857.

Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-06-04 16:02:48 +01:00
Manuel Pégourié-Gonnard
cac90a15ed Hide constants for TLS 1.0 and TLS 1.1
ssl_server2 had a check that we never try to use a minor version lower
than 2 with DTLS, but that check is no longer needed, as there's no way
that would happen now that MBEDTLS_SSL_MINOR_VERSION_1 is no longer
public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-04 12:29:33 +02:00
Hanno Becker
d60b6c62d5 Remove per-version ciphersuite configuration API
This commit removes the API

```
    mbedtls_ssl_conf_ciphersuites_for_version()
```

which allows to configure lists of acceptable ciphersuites
for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}.

With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1
is dropped. Moreover, upcoming TLS 1.3 support has a different
notion of cipher suite and will require a different API.

This means that it's only for TLS 1.2 that we require
a ciphersuite configuration API, and

```
   mbedtls_ssl_conf_ciphersuites()
```

can be used for that. The version-specific ciphersuite
configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`,
in turn, is no longer needed.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-04 12:20:10 +02:00
kXuan
ba9cb76e9f
static initialize comb table
MBEDTLS_ECP_FIXED_POINT_OPTIM aims to speed up ecc multiplication performance.

We compute the comb table in runtime now. It is a costly operation.

This patch add a pre-computed table to initialize well-known curves. It speed up ECDSA signature verify process in runtime by using more ROM size.

Signed-off-by: kXuan <kxuanobj@gmail.com>
2021-06-01 10:02:13 +08:00
Mateusz Starzyk
e7dce558c9 Merge branch 'development' into mbedtls_private_with_python
Conflicts:
	include/mbedtls/ssl.h

Conflicts resolved by using code from development branch and
manually re-applying MBEDTLS_PRIVATE wrapping.
2021-05-27 16:02:46 +02:00
Mateusz Starzyk
55768f26fc Fix MBEDTLS_PRIVATE wrapping in tests and sample programs.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-27 15:53:27 +02:00
TRodziewicz
46cccb8f39 _SSL_DTLS_BADMAC_LIMIT config.h option removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 13:36:21 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2
Remove rsa mode params part 2
2021-05-25 20:36:33 +02:00
TRodziewicz
4ca18aae38 Corrections after the code review
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 13:38:00 +02:00
TRodziewicz
6370dbeb1d Remove the _SSL_FALLBACK_ parts
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:49:59 +02:00
TRodziewicz
55bd84bebc Correction to the ssl client/server usage comment.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:48:40 +02:00
TRodziewicz
28126050f2 Removal of constants and functions and a new ChangeLog file
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:48:12 +02:00
TRodziewicz
0f82ec6740 Remove the TLS 1.0 and 1.1 support
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:45:20 +02:00
Hanno Becker
9752aadd85 Make query API for state of MFL extension internal
This commit makes the API

- mbedtls_ssl_get_output_max_frag_len()
- mbedtls_ssl_get_input_max_frag_len()
- mbedtls_ssl_get__max_frag_len()

for querying the state of the Maximum Fragment Length
extension internal.

Rationale: The value those APIs provide to the user is in
upper bounds for the size of incoming and outgoing records,
which can be used to size application data buffers apporpriately
before passing them to mbedtls_ssl_{read,write}(). However,
there are other factors which influence such upper bounds,
such as the MTU or other extensions (specifically, the
record_size_limit extension which is still to be implemented)
which should be taken into account.

There should be more general APIs for querying the maximum
size of incoming and outgoing records.

For the maximum size of outgoing records, we already have such,
namely mbedtls_ssl_get_max_out_record_payload().

For the maximum size of incoming records, a new API will be
added in a subsequent commit.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-23 06:03:55 +01:00
Mateusz Starzyk
5dd4f6e9ce Add MBEDTLS_PRIVATE wrapping to sample programs.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-21 18:10:44 +02:00
Mateusz Starzyk
6c2e9b6048 Add MBEDTLS_ALLOW_PRIVATE_ACCESS to test programs
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-21 18:10:44 +02:00
Ronald Cron
ca72287583
Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive
Modify config option for SHA384.
2021-05-21 08:04:33 +02:00
Gilles Peskine
3248be4b3a
Merge pull request #4462 from netfoundry/gcc11.fixes
build with gcc11
2021-05-20 15:54:23 +02:00
Mateusz Starzyk
17011a3185 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
	library/version_features.c
	programs/test/query_config.c

Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
2021-05-20 14:18:12 +02:00
Gilles Peskine
eb30b0cc39 Merge remote-tracking branch 'upstream-public/development' into no-generated-files-3.0
Conflicts: generated files that are removed in this branch and have
changed in development. Resolved by keeping the files removed.
2021-05-20 10:40:48 +02:00
Gilles Peskine
b0fa9d209d Don't require make to generate visualc files
Don't run `make list` to obtain the list of programs in
generate_visualc_files.pl. This doesn't work on Windows when a `make`
command is not available. Instead, read the makefile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
1411c7c0d6 Don't make configuration-independent files depend on config.h
Don't regenerate configuration-independent files when config.h or
crypto_config.h changes. These files only depend on the set of symbols
present in the headers and not on which symbols are enabled. To avoid
rebuilding the generated files whenever the configuration changes,
don't declare the configuration as a dependency.

In the rare event that a maintainer makes an edit to *config.h that
affects the generated files, they'll have to remove the generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
b5e08637ad Ignore generated source files that are no longer checked in
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Manuel Pégourié-Gonnard
729fa5be88
Merge pull request #4450 from mstarzyk-mobica/remove_null_entropy
Remove MBEDTLS_TEST_NULL_ENTROPY config option.
2021-05-20 09:19:55 +02:00
Shawn Carey
aa13e93941 avoid "maybe-uninitialized" and "free-nonheap-object" errors/warnings with gcc11
Signed-off-by: Shawn Carey <shawn.carey@netfoundry.io>
2021-05-19 11:31:37 -04:00
Manuel Pégourié-Gonnard
2213871654
Merge pull request #4489 from TRodziewicz/Remove__SSL_RECORD_CHECKING
Remove  ssl record checking
2021-05-19 13:57:51 +02:00
Mateusz Starzyk
a309e0ec07 Remove redundant SHA384 if defined block.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 11:38:01 +02:00
Mateusz Starzyk
4228f895c0 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
* configs/config-psa-crypto.h: modified here, removed in development
* tests/suites/test_suite_x509parse.data: all conflicts are in depends_on
  lines where development made a change unrelated to MBEDTLS_SHAxxx and our
  branch either changed `MBEDTLS_SHA256_C` to `MBEDTLS_SHA224_C` or
  `MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384` to ``MBEDTLS_SHA384_C`, with
  no change to what the test does. Pick the other branch's dependency
  changes then apply our SHA dpeendency change.
2021-05-19 11:37:49 +02:00
Thomas Daubney
68d9cbca97 Removes mode param from mbedtls_rsa_pkcs1_verify
Commit removes mode parameter from
mbedtls_rsa_pkcs1_verify and propagates the
change throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:14:32 +01:00
Thomas Daubney
613d1a4fb7 Removes p_rng param from mbedtls_rsa_pkcs1_verify
Commit removes p_rng from mbedtls_rsa_pkcs1_verify
since p_rng has no relevance following the removal
of f_rng from this function.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
ac1331211e Removes f_rng parameter from mbedtls_rsa_pkcs1_verify
Commit removes f_rng parameter from
mbedtls_rsa_pkcs1_verify as a prerequisite
to removing the mode parameter. f_rng no
longer has relevance in this function if
mode is removed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
140184d029 Removes mode param from mbedtls_rsa_pkcs1_sign
Commit removes the mode parameter from
mbedtls_rsa_pkcs1_sign and progagates the
change to all relevant parts of the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 18:02:24 +01:00
Gilles Peskine
e7e958b1f1
Merge pull request #4393 from gilles-peskine-arm/generate-tests-python3-make-2.x
Use Python 3 instead of Python 2 to generate test files
2021-05-18 13:30:36 +02:00
Gilles Peskine
9c58274484 Remove automatically generated source files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:48:08 +02:00
Gilles Peskine
687d1ab714 Makefile targets for automatically generated files
Run `make generated_files` to generate the automatically generated
C source files and build scripts.

Run `make neat` to remove all automatically generated files, even C
source files and build scripts.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:47:02 +02:00
Ronald Cron
fdcde47f36
Merge pull request #4458 from davidhorstmann-arm/remove-max-content-len
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
2021-05-17 16:36:04 +02:00
Gilles Peskine
864b425156
Merge pull request #4488 from tom-daubney-arm/remove_rsa_mode_params
Remove rsa mode params part 1
2021-05-17 13:49:19 +02:00
Thomas Daubney
2177277dda Removes mode param from mbedtls_rsa_pkcs1_encrypt
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Hanno Becker
494dc71de8 Remove mbedtls_ssl_get_session_pointer()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 15:15:35 +01:00
gabor-mezei-arm
4a21019653 Implement psa_sign_message and psa_verify_message functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:49 +02:00
Thomas Daubney
c7feaf349c Remove mode param from mbedtls_rsa_pkcs1_decrypt
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:43:06 +01:00
Gilles Peskine
5d1f747d85
Merge pull request #4377 from mpg/psa-pbkdf2-api
PSA API for PBKDF2-HMAC
2021-05-12 18:00:30 +02:00
TRodziewicz
102c89ed65 Remove the MBEDTLS_SSL_RECORD_CHECKING option
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-12 13:28:59 +02:00
David Horstmann
fba138a08a Remove buffer_size maximum from ssl_server2.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-05-11 15:23:56 +01:00
Mateusz Starzyk
72f60dfcc1 Remove MBEDTLS_TEST_NULL_ENTROPY config option.
Building the library without entropy sources negates any and all security
provided by the library.
This option was originally requested a relatively long time ago and it
does not provide any tangible benefit for users any more.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-11 13:15:19 +02:00
David Horstmann
95d516f319 Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-05-10 17:02:48 +01:00
Mateusz Starzyk
6326a8dd37 Fix SHA definitions and their dependencies in library and test suites.
Rework SHA224 and SHA283 documentation.
Define MBEDTLS_SHAxxx_C options in alphabetic order.
Fix SHA224 and SHA384 dependencies in test suites.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-10 13:51:53 +02:00
Manuel Pégourié-Gonnard
f0c28eff09 Avoid introducing PSA_ALG_NONE for now
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:13:48 +02:00
Manuel Pégourié-Gonnard
dd57b2f240
Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder
Remove deprecated functions and constants.
2021-05-07 10:05:30 +02:00
Gilles Peskine
99cce1dd4f Remove copy-pasted definition of PYTHON that wasn't used
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-06 11:36:50 +02:00
Ronald Cron
98d00d06a0
Merge pull request #4426 from ronald-cron-arm/remove-enable-weak-ciphersuites
Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
2021-05-04 17:20:36 +02:00
Manuel Pégourié-Gonnard
71d955a79d Introduce PSA_ALG_NONE
It is required by the standard definition of PSA_ALG_GET_HASH.

Documentation and definition from:
https://armmbed.github.io/mbed-crypto/html/api/ops/algorithms.html#c.PSA_ALG_NONE

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:36:48 +02:00
Manuel Pégourié-Gonnard
c149e1de9b Remove duplicated definition of PSA_ALG_GET_HASH()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:25:05 +02:00
Manuel Pégourié-Gonnard
c7f8dbe837 Update generated files
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 09:41:35 +02:00
Manuel Pégourié-Gonnard
aa923b9fed Update generated files
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 11:03:24 +02:00
Gilles Peskine
59d97a16d6
Merge pull request #4437 from gilles-peskine-arm/aes2crypt-removal-2.x
Remove the sample program aescrypt2
2021-04-30 11:15:22 +02:00
TRodziewicz
85dfc4de20 Applying current changes
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-30 00:07:04 +02:00
TRodziewicz
18efb73743 Remove deprecated functions and constants.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-29 23:12:19 +02:00
Dave Rodgman
c86f330aed
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
Reduce ROM usage due to X.509 info
2021-04-28 17:31:55 +01:00
Gilles Peskine
98b3cd6b23 Remove the sample program aescrypt2
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.

Fix #1906

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-28 15:57:30 +02:00
Mateusz Starzyk
e3c48b4a88 Separate SHA224 from SHA256 config options.
These options are still dependant on each other.
This is an intermediate step.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Mateusz Starzyk
3352a53475 Modify config option for SHA384.
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.

check_config is the only module which enforces that SHA512 is
enabled together with SHA384.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Gilles Peskine
2c8041d6df
Merge pull request #4433 from bensze01/psa_aead_output_size
[development] PSA: Update AEAD output buffer macros to PSA API version 1.0
2021-04-28 13:30:40 +02:00
Chris Jones
fa1f904990 Fix an error when copy-pasting x509_crt_verify_info
Made a mistake when copy-pasting and put the guard in the wrong place.
Fix that by moving the compile time guard.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-28 10:04:05 +01:00
Chris Jones
e383fa65d7 Move x509_crt_verify_info to ssl_test_common_source.c
This function was introduced before ssl_test_common_source.c and so the
function is replicated in both ssl_client2.c and ssl_server2.c. Move
the function to ssl_test_common_source.c to avoid duplication.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:38:24 +01:00
Chris Jones
ee33c60fc2 Fix minor styling issues
Remove some accidental newlines that were added previously.

Update some definition guards to make it clearer that
`MBEDTLS_X509_REMOVE_INFO` is defined and not undefined.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:38:24 +01:00
Hanno Becker
eb2efb0de7 Avoid unused variable warning in X.509 CSR fuzzing
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
da121744da Fix preprocessor guard in ssl_server2.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
54ac185f33 Adapt X.509 fuzzing code to support MBEDTLS_X509_REMOVE_INFO
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
2c2722d637 Add missing MBEDTLS_X509_REMOVE_INFO guards in ssl_context_info.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
7ac83f91bf Print X.509 verify info strings even if MBEDTLS_X509_REMOVE_INFO
The new compile-time option MBEDTLS_X509_REMOVE_INFO removes various
X.509 debugging strings and functionality, including

```
  mbedtls_x509_crt_verify_info()
```

which ssl_client2.c and ssl_server2.c use to print human readable
descriptions of X.509 verification failure conditions. Those
conditions are also grepped for in numerous ssl-opt.sh tests.

Instead of disabling those tests if MBEDTLS_X509_REMOVE_INFO is set,
this commit essentially moves mbedtls_x509_crt_verify_info() to
ssl_client2.c and ssl_server2.c. However, instead of just copy-pasting
the code from x509_crt.c, the following approach is used:

A macro MBEDTLS_X509_CRT_ERROR_INFO_LIST is introduced which for each
verification failure condition invokes a user-defined macro X509_CRT_ERROR_INFO
with (a) the numerical error code, (b) the string presentation of the
corresponding error macro, (c) the info string for the error condition.
This macro can thus be used to generate code which somehow iterates over
the verifiation failure conditions, but the list of error conditions and
information strings is nowhere duplicated.

This is then used to re-implement mbedtls_x509_crt_verify_info() in
x509_crt.c and to provide a functionally equivalent (yet slightly different)
version in ssl_client2.c and ssl_server2.c in case MBEDTLS_X509_REMOVE_INFO
is set.

This way, little changes to ssl-opt.sh will be necessary in case
MBEDTLS_X509_REMOVE_INFO is set because the info strings for the
verification failure conditions will be printed regardless of whether
MBEDTLS_X509_REMOVE_INFO is set or not.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
5d4c4b1f95 Add missing dependencies on !MBEDTLS_X509_REMOVE_INFO
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:18:52 +01:00
Hanno Becker
612a2f1504 Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO
The introduction of positive options to control the presence
of pre-existing functionality breaks the build for users of
handwritten configurations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:18:52 +01:00
Peter Kolbus
9a969b66c1 Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:18:52 +01:00
Ronald Cron
cee427002b Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
Fix 4416

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-27 09:34:14 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00
Mateusz Starzyk
f9c7b3eb11 Remove PKCS#11 library wrapper.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-21 11:05:00 +02:00
Mateusz Starzyk
a58625f90d Remove optional SHA-1 in the default TLS configuration.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-16 18:39:10 +02:00
Bence Szépkúti
ec174e292d Update all uses of old AEAD output size macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:06 +02:00
Steven Cooreman
6801f08973 Implement support for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
According to the design in psa-driver-interface.md. Compiles without
issue in test_psa_crypto_drivers.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:04:26 +02:00
Mateusz Starzyk
c301bd56f0 Merge branch 'development_3.0' into drop_old_tls_options 2021-04-15 13:55:20 +02:00
Mateusz Starzyk
f5c535139d Remove remaining comments and strings refering to removed features.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-15 13:28:52 +02:00
Chris Jones
9c6356881f Remove MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
This config option has been unused for >5 years and so should be removed.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-09 16:10:48 +01:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Gilles Peskine
b420259777
Merge pull request #4174 from gilles-peskine-arm/psa-eddsa-spec
PSA Encodings for EdDSA
2021-04-07 11:20:27 +02:00
Gilles Peskine
d5200371ec
Merge pull request #3512 from gilles-peskine-arm/ecp-alloc-202007
Reduce the number of allocations in ECP operations
2021-04-02 00:08:35 +02:00
Ronald Cron
17fbf5b3c4
Merge pull request #4237 from paul-elliott-arm/fix_printf_extra
Fix printf missed issues
2021-03-30 16:40:56 +02:00
Gilles Peskine
27354690cb Use a bit-size in the algorithm name
Call it “SHAKE256-512”, just like SHA3-512 has 512 bits of output.
SHAKE256-64 looks like it's 64 bits of output, but this is 64 bytes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
3a1101a122 Define algorithms for EdDSA
Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.

The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
67546802fe New elliptic curve family: twisted Edwards
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
4a7074022a Add a compile-time dependency to psa_constant_names_generated.c
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Manuel Pégourié-Gonnard
4dfb83c0d7
Merge pull request #4164 from chris-jones-arm/move-internal-headers
Unify internal headers in library/
2021-03-29 11:18:54 +02:00
Mateusz Starzyk
a2d16b39bc Remove certs.h includes from test applications.
Tests should no longer consider certs.h as a part of public API.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-19 12:49:41 +01:00