Commit graph

9371 commits

Author SHA1 Message Date
Jerry Yu
c5a23a0f12 fix various issues
- code style
- variable initialize
- update comments


Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:09:35 +08:00
Dave Rodgman
fac3ea5656
Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect
mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing
2022-08-24 15:16:45 +01:00
Tom Cosgrove
bcc13c943f
Add further missing whitespaces inside parentheses
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-24 15:08:16 +01:00
Tom Cosgrove
20c1137350
Fix coding style
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-24 15:06:13 +01:00
Dave Rodgman
5a28142410
Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit
ctr_drbg: fix free uninitialized aes context
2022-08-24 14:58:44 +01:00
Jerry Yu
f35ba384ff Add select ciphersuite entry function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 22:01:58 +08:00
Jerry Yu
dd1bef788e Add ciphersuite_info check
return null if no valid ciphersuite info

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:57:02 +08:00
Jerry Yu
29d9faa468 fix various issues.
- comments issues
- code format style issues
- naming improvement.
- error return improvements

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:53:43 +08:00
Andrzej Kurek
299b1d6c93 Remove unnecessary psa/crypto.h include
This is now included in `legacy_or_psa.h`.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:42:33 -04:00
Andrzej Kurek
cccb044804 Style & formatting fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Janos Follath
645ff5b8ff
Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures
Add the new modulus and the residue structures with low level I/O operations
2022-08-23 09:02:43 +01:00
Andrzej Kurek
7e16ce3a72 Clarify TLS 1.2 dependencies with and without PSA crypto
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
8c95ac4500 Add missing dependencies / alternatives
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
25f271557b Update SHA and MD5 dependencies in the SSL module
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
0ce592169e Use hash_info_get_size in ssl_tls12_client
This way the code does not rely on the MBEDTLS_MD_C define
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
a242e83b21 Rename the sha384 checksum context to reflect its purpose
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:02:04 -04:00
Gilles Peskine
e5018c97f9
Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake
Driver-only hashes: EC J-PAKE
2022-08-22 17:28:15 +02:00
Gilles Peskine
20ebaac85e
Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1
Be explicit about constant time bignum functions that must take a 0 or 1 condition value
2022-08-22 17:24:04 +02:00
Gilles Peskine
03f1c39ac7
Merge pull request #6171 from mprse/md_x509_test
Driver-only hashes: X.509
2022-08-22 17:18:47 +02:00
Janos Follath
2e328c8591 Remove confusing const qualifier
Since a is not a pointer, it is passed by value and declaring it const
doesn’t make any sense and on the first read can make me miss the fact
that a is not a pointer.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 11:19:10 +01:00
Janos Follath
c459641ad1 Bignum: add missing limb qualifiers
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 10:04:52 +01:00
Janos Follath
af3f39c01c Fix typos
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <Werner.Lewis@arm.com>

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:08:04 +01:00
Jerry Yu
5725f1cf3a Align ciphersuite with overwrite.
Selected ciphersuite MUST be same with ciphsersuite of PSK.
Overwrite the old ciphersuite with the one of PSK.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 17:50:27 +08:00
Jerry Yu
01e42d2d4c fix issues in export handshake psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 13:00:07 +08:00
Jerry Yu
9f7f646b11 Revert "remove psk key when ephemeral selected"
This reverts commit 5c28e7aa0e.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
e9d4fc09a3 fix binder value security issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
24b8c813c4 fix comments and wrong initial value issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:45 +08:00
Jerry Yu
5d01c05d93 fix various issues
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:01 +08:00
Jerry Yu
6cf6b47b5c fix format and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:54:53 +08:00
Dave Rodgman
beb4fc0723
Merge pull request #6185 from leorosen/tls12_server_null_on_missing_key
ssl_tls12_server: fix potential NULL-dereferencing if local certifica…
2022-08-19 20:22:59 +01:00
Leonid Rozenboim
19e5973566 mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing
Avoid the shorthand practice of the form 'x = func(foo)->bar' which
exposes the code to NULL pointer de-referencing when the 'func()'
returns a NULL pointer.

The first chunk is for when the curve group code is not recognized by
the library, and is cleanly rejected if offered.

The second chunk addresses the unlikely case of an internal error:
if 'mbedtls_pk_can_do()' returns TRUE, it should rule out
'mbedtls_pk_ec()' returning a NULL, unless there is a regression.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-19 11:49:22 -07:00
Janos Follath
a95f204cd3 Improve documentation
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com>
Co-authored-by: Minos Galanakis <minos.galanakis@arm.com>

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
ca5688e10c Improve coding style
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com>

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
b7a88eca42 Bignum: Apply naming conventions
Numbers:

- A, B for mbedtls_mpi_uint* operands
- a, b for mbedtls_mpi_uint operands
- X or x for result
- HAC references where applicable

Lengths:

- Reserve size or length for length/size in bytes or byte buffers.
- For length of mbedtls_mpi_uint* buffers use limbs
- Length parameters are qualified if possible (eg. input_length or
  a_limbs)

Setup functions:

- The parameters match the corresponding structure member's name
- The structure to set up is a standard lower case name even if in other
  functions different naming conventions would apply

Scope of changes/conventions:

- bignum_core
- bignum_mod
- bignum_mod_raw

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
6b8a4ad0d8 Bignum: update const qualifiers
While at it, mark parameters based on their role.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Neil Armstrong
ecaba1c9b2 Make use of PSA crypto hash if MBEDTLS_MD_C isn't defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 11:49:22 +02:00
Neil Armstrong
0d76341eac Remove md_info by md_type in ecjpake context, use mbedtls_hash_info_get_size() to get hash length
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 11:49:22 +02:00
Przemek Stekiel
bc3906c58f pem_pbkdf1(): optimize psa version
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:36:57 +02:00
Przemek Stekiel
bf01c64e9d oid.c: unify dependencies (VIA_MD_OR_PSA->VIA_LOWLEVEL_OR_PSA)
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing reference -> drivers ***
   x509parse: total 723; skipped  89 ->  89
   x509write: total  41; skipped   3 ->   3
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
4146525ce9 Fix compilation guard (comment)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
0cd6f08e6f pem.c: fix style issues (redundant spaces)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
d23a4efe2c pem.c: remove redundant compilation guard
If MBEDTLS_MD5_C is not defined MBEDTLS_USE_PSA_CRYPTO must be defined due to PEM_RFC1421.

*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing reference -> drivers ***
   x509parse: total 723; skipped  89 ->  89
   x509write: total  41; skipped   3 ->   3
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
c410ccc528 Include psa/crypto.h in legacy_or_psa.h
It is needed for PSA_WANT_ALG_xxxx symbols

*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing reference -> drivers ***
   x509parse: total 723; skipped  89 ->  89
   x509write: total  41; skipped   3 ->   3
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
4092ff9ba9 pem.c: add internal macro to increase code readability
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing reference -> drivers ***
   x509parse: total 723; skipped  89 ->  89
   x509write: total  41; skipped   3 ->   3
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
829e97d029 Fix include order
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
76b753bbb7 Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files
This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled.
So the build should not attempt to enable pem_pbkdf1.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
81799fd9d8 pem.c, test_suite_pem: fix dependency MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA->MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing reference -> drivers ***
   x509parse: total 723; skipped  89 ->  89
   x509write: total  41; skipped   3 ->   3
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
be92bee58a pem.c: Fix conditional compilation flags
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
a68d08f7d1 pem.c: adjust for bulid without md
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
de81028f00 Adjust dependencies in library/oid.c
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
fd18366965 Adjust declared dependencies in library/x509*
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Ronald Cron
f3f6b0a5c3
Merge pull request #6123 from yuhaoth/pr/finialize-tls13-serialize_session_save_load
TLS 1.3:finalize tls13 serialize session save and load
2022-08-19 08:16:05 +02:00
Leonid Rozenboim
70dfd4c8ac ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-18 14:39:37 -07:00
Tom Cosgrove
583816caaf Be explicit about constant time bignum functions that must take a 0 or 1 condition value
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-18 14:09:18 +01:00
Dave Rodgman
92cd8642fa
Merge pull request #6090 from hanno-arm/fix_bnmul_arm_v7a
Remove encoding width suffix from Arm bignum assembly
2022-08-18 08:48:03 +01:00
Jerry Yu
e28d9745a1 fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-18 15:44:03 +08:00
Jerry Yu
3419107e8d Add checks for ticket and resumption_key fields
From RFC 8446 and the definition of session, we
should check the length.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-18 11:28:41 +08:00
Dave Rodgman
86c333e79e Add explicit cast to satisfy compiler
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 16:57:26 +01:00
Jerry Yu
e36fdd676c Change signature of tls13_session_save
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-17 21:50:25 +08:00
Dave Rodgman
392f714153 Fix type used for capturing TLS ticket generation time
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 12:38:24 +01:00
Dave Rodgman
a7448bf19d
Merge pull request #6141 from mpg/driver-hashes-rsa-v21
Driver hashes rsa v21
2022-08-16 09:52:39 +01:00
Janos Follath
cc93908b88 Bignum: Declare loop variable in loop head
In the new bignum files (bignum_core.c, bignum_mod_raw.c and
bignum_mod.c) the loop variables are declared in the loop head wherever
this change is beneficial.

There are loops where the loop variable is used after the end of the
loop (this might not be good practice, but that is out of scope for this
commit) and others where there are several loop variables and declaring
them there would hurt readability.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 12:08:49 +01:00
Janos Follath
620c58ced9 Bignum: make const placement consistent
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 11:58:42 +01:00
Janos Follath
ed5c8d3d1e Bignum: make modulus value const
The modulus value won't change during normal operations, make this clear
in the struct and the function signatures.

This won't prevent the caller from modifying the passed buffer, but
might give a hint and reinforces the message of the documentation.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 11:50:22 +01:00
Janos Follath
138f51c5c8 Fix alphabetic order in makefiles
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 11:38:30 +01:00
Gabor Mezei
fd65e82753
Rename structure elements
Use better names for structure elements and adopting the convention of
the other modules.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 18:09:12 +02:00
Gabor Mezei
c414ba3fc0
Simplify code
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 17:59:53 +02:00
Gabor Mezei
5a5c0c5f0a
Move the declaration of variables to their scope of usage
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:40:09 +02:00
Gabor Mezei
7f93264ab1
Change struct element order
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:37:27 +02:00
Gabor Mezei
89e31460db
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:36:56 +02:00
Dave Rodgman
7b1be55484
Merge pull request #5993 from eliteraspberries/android-soname
Allow non-versioned library soname.
2022-08-12 13:49:55 +01:00
Gabor Mezei
5f56df44f0
Remove redundant check
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 14:41:54 +02:00
Gabor Mezei
bf9da1dfb1
Do not read if output pointer is NULL
Skip reading if output pointer is NULL even if the length of the input buffer is 0.
The memory sanitizer will mark this as an error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 14:11:56 +02:00
Mansour Moufid
6a8673092f Allow non-versioned library soname.
Signed-off-by: Mansour Moufid <mansourmoufid@gmail.com>
2022-08-12 11:02:01 +01:00
Janos Follath
6318468183 Improve bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:42:59 +01:00
Janos Follath
a30b4e5692 Bignum: remove duplicate documentation from source
These functions have full documentation in the header. Maintaing two
copies does not worth the effort and having an out of sync reduced
duplicate is not helpful.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:15:18 +01:00
Janos Follath
2ab2d3e3e9 Inline mpi_core_clear()
This used to resize MPIs in the legacy interface, which is not
needed/possible as the new interface has fixed size MPIs.

Inlining this function makes the code easier to read and maintain, while
there is no obvious drawback to it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 16:16:49 +01:00
Janos Follath
56a10f97ba Bignum: remove unnecessary NULL pointer checks
A null pointer dereference, or null pointer plus small offset, is a
clean runtime error in most environments. So it's not particularly
useful to protect against this.

While at it make a null pointer check that is actually necessary more
robust.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 15:19:00 +01:00
Janos Follath
296ea66442 Bignum: clean up use of enums
- Made use of enums in struct and function declaration
- All enums are handled by switch case now
- If the switch does nothing on default, omit the default case to make
  compiler warnings more powerful
- The two enums are now disjoint and the value 1 is skipped to make
  mistakes easier to detect

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 14:58:29 +01:00
Jerry Yu
5c28e7aa0e remove psk key when ephemeral selected
ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
56acc9421c Write key_share base on key_exchange mode.
In ServerHello, write key share should base on key_exchange mode, not
base on configuration.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
f0bad2554a Continue check next psk key when binder mismatch
with matched identity and mismatch binder, should check next psk key.
Exit with error will break multi-psk cases.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
32e1370fbc Add config check for pre_shared_key parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
e95c8af266 Align ciphersuite with psk key
With OpenSSL and GnuTLS client, if the MAC of ciphersuite
does not match selected binder, client will reject connection.
This change is to select ciphersuite base on algo of psk binder.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
ccc68a466e change handshake psk key type for tls13
PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is
decided when create binder

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Ronald Cron
295d93ebe8 Add psk handshake with gnutls
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
40f3771e18 Add handshake psk export function.
Rename `ssl_tls13_get_psk` and export the
function.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Przemek Stekiel
71bf28bb34 Fix include file path
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
f98b57f231 Initialize status/ret to error value
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
2aae040615 make ret_from_status() global function and move it to has_info.[ch]
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
712bb9c5af Use more suitable function for checking if hash is supported
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
79b99f47a1 Fix definition of MD_OR_PSA macros
The code will make the decision based on availability of MD, not of
MD+this_hash. The later would only be possible at runtime (the hash
isn't known until then, that's the whole point of MD), so we'd need to
have both MD-based and PSA-based code paths in a single build, which
would have a very negative impact on code size. So, instead, we choose
based on the presence of MD, which is know at compile time, so we only
have one of the two code paths in each build.

Adjust the macros so that they match the logic of the code using them.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
077ba8489d PKCS#1 v2.1 now builds with PSA if no MD_C
Test coverage not there yet, as the entire test_suite_pkcs1_v21 is
skipped so far - dependencies to be adjusted in a future commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
faa3b4e0c3 Get rid of md_info outside helper functions
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
35c09e4824 Introduce compute_hash() function
This allows callers not to worry with md_info and makes it easier to
provide a PSA version for when MD_C is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
f701acc088 Extract common code into hash_mprime()
This will also make it easier to provide a PSA-based version for when MD
is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
f3a6755450 Simplify callers of mgf_mask()
Some of them no longer need md_ctx, some of those no longer need the
exit dance that was used to free it, or need it on a smaller scope.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
259c213545 Tune API of internal function mgf_mask in RSA
This is a first step towards making a version of this function that
uses PSA when MD is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Dave Rodgman
8a9f88899d
Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code
ssl_tls: avoid the appearance of a potential NULL dereferencing
2022-08-11 10:12:34 +01:00
kXuan
9ac6b28e27
ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed
Since 11e9310 add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it
should not init aes_ctx again in mbedtls_ctr_drbg_seed.

Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-11 16:38:45 +08:00
Janos Follath
d0895708e2 Bignum: move internal constants to headers
Now that the check_names script allows it, we can do so.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 13:32:16 +01:00
kXuan
11e9310fd1
ctr_drbg: fix free uninitialized aes context
Application may enabled AES_ALT and define mbedtls_aes_context by its own.
The initial state of user-defined mbedtls_aes_context may not all byte zero.

In mbedtls_ctr_drbg_init, the code set all byte to zero, including the AES
context nested in the ctr_drbg context.

And in mbedtls_ctr_drbg_free, the code calls mbedtls_aes_free on an AES
context without calling mbedtls_aes_init.

If user-defined AES context requires an non-zero init, the mbedtls_aes_free
call in mbedtls_ctr_drbg_free is illegal.

This patch fix this issue by add mbedtls_aes_init in mbedtls_ctr_drbg_init.

So aes context will always be initialized to correct state.

Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-10 16:43:28 +08:00
Leonid Rozenboim
e9d8dcdbf5 ssl_tls: avoid the appearance of a potential NULL dereferencing
Looking at the bigger picture it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected from,
however, the practice of dereferencing a pointer which has not been
verified in prior for validity goes against secure coding practices.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-09 12:34:30 -07:00
Janos Follath
c47c0569d4 Remove VALIDATE macros from bignum_core.c
They are deprecated and are declared to be empty anyway.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:54:43 +01:00
Janos Follath
d1baedb786 Bignum: extract bignum_mod.h functions
Extract functions declared in bignum_mod.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

This makes library/bignum_new.c empty and therefore it is deleted.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:44:53 +01:00
Janos Follath
0ded631879 Bignum: extract bignum_mod_raw.h functions
Extract functions declared in bignum_mod_raw.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:34:54 +01:00
Janos Follath
3ca0775e59 Bignum: extract bignum_core.h functions
Extract functions declared in bignum_core.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 11:45:47 +01:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype
Fix build error due to  missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
2022-08-09 11:27:42 +01:00
Dave Rodgman
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12
Add rsa pss rsae for tls12
2022-08-09 10:21:45 +01:00
Janos Follath
dae1147596 Improve Bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-08 11:50:02 +01:00
Janos Follath
8ff0729dd7 Fix typos in Bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-08 08:39:52 +01:00
Gabor Mezei
6666914b76 Revert "Move Bignum macros to common header"
This reverts commit 62c5901f0a5061a8825e19c77f88c91fea235078.

Reverting commit due the macros are meant to be local and not following the
naming convention.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:51 +01:00
Gabor Mezei
37b06360b3 Add documentation for new bignum functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:51 +01:00
Gabor Mezei
c0b9304f92 Use value as numerical value instead of bitfield value
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:53 +01:00
Gabor Mezei
d8f5bc2d3d Free the correct struct element
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:53 +01:00
Gabor Mezei
535f36d203 Unify parameter naming
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:53 +01:00
Gabor Mezei
e66b1d47ed Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
8b718b5a66 Add bounds check to residue input
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
23bdeca64d Add core constant time comparison
Unfortunately reusing the new function from the signed constant time
comparison is not trivial.

One option would be to do temporary conditional swaps which would prevent
qualifying input to const. Another way would be to add an additional
flag for the sign and make it an integral part of the computation, which
would defeat the purpose of having an unsigned core comparison.

Going with two separate function for now and the signed version can be
retired/compiled out with the legacy API eventually.

The new function in theory could be placed into either
`library/constant_time.c` or `library/bignum_new.c`. Going with the
first as the other functions in the second are not constant time yet and
this distinction seems more valuable for new (as opposed to belonging to
the `_core` functions.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
5f016650d7 Reuse Bignum core I/O functions
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
91dc67d31c Allow (NULL, 0) as a representation of 0
- We don't check for NULL pointers this deep in the library
- Accessing a NULL pointer when the limb number is 0 as a mistake is the
  very similar to any other out of bounds access
- We could potentially mandate at least 1 limb representation for 0 but
  we either would need to enforce it or the implementation would be less
  robust.
- Allowing zero limb representation - (NULL, 0) in particular - for zero
  is present in the legacy interface, if we disallow it, the
  compatibility code will need to deal with this (more code size and
  opportunities for mistakes)

In summary, interpreting (NULL, 0) as the number zero in the core
interface is the least of the two evils.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
4670f88991 Reuse Bignum helper functions
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
4614b9ad1b Move Bignum macros to common header
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
f1d617deb8 Add tests for big endian core I/O
The test case where there were extra limbs in the MPI failed and this
commit contains the corresponding fix as well. (We used to use the
minimum required limbs instead of the actual limbs present.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:06:31 +01:00
Janos Follath
ba5c139e4c Add more validation to modulus life cycle
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:03:56 +01:00
Janos Follath
281ccda8a5 Clean up mpi_mod_init/free
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:03:56 +01:00
Janos Follath
5005edb36c Fix typos
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
c5328cf9a6 Add a set of I/O functions for the modulus structure
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
b903070cec Add a set of I/O functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
0c655572dc Build the new bignum_new.c file
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
f049dbfe94 Add the new modulus and the residue structures
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gilles Peskine
b3edc1576c
Merge pull request #2602 from edsiper/crt-symlink
x509_crt: handle properly broken links when looking for certificates
2022-08-03 13:05:29 +02:00
Gilles Peskine
07e7fe516b
Merge pull request #6088 from tuvshinzayaArm/validation_remove_change_curve
Validation remove and change in files related to curve in library
2022-08-03 13:05:16 +02:00
Gilles Peskine
7e1ee0f04b
Merge pull request #6114 from mman/development
Use double quotes to include private header file psa_crypto_cipher.h
2022-08-03 13:04:57 +02:00
Martin Man
4741e0b56c Use double quotes to include private header file psa_crypto_cipher.h
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
2022-08-02 12:44:35 +02:00
Aditya Patwardhan
3096f331ee Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED is
enabled

Added the changelog.d entry

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-08-02 11:15:18 +05:30
Dave Rodgman
919ff15ecf
Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020
Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined
2022-07-29 17:08:11 +01:00
Dave Rodgman
27036c9e28
Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments
Fix a/an typos in doxygen and other comments
2022-07-29 12:59:05 +01:00
Jerry Yu
c3bf748dc7 fix vertical alignment
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-29 10:27:17 +08:00
Jerry Yu
09a99fcf8a Add rsa_pss_rsae_* sig algos for tls12 default
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
379b1ff3a5 remove useless comment
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
95b743ca17 Rename get_pk_type_and_md_alg
The function is for both tls12 and tls13 now.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
693a47ab1d add rsa_pss_rsae_* support in tls12
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Tuvshinzaya Erdenekhuu
86669de348 Broke 2 long lines
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-28 10:31:16 +01:00
Dave Rodgman
aba26d0099
Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new
Remove use of SSL session compression
2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard
f6b8c3297a
Merge pull request #6065 from mpg/explore2
Driver-only hashes: RSA 1.5 and PK + strategy doc
2022-07-28 10:43:38 +02:00
Tom Cosgrove
ce7f18c00b Fix a/an typos in doxygen and other comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-28 05:50:56 +01:00
Manuel Pégourié-Gonnard
68429fc44d Fix a few more typos
Update link while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-27 20:44:02 +02:00
Tuvshinzaya Erdenekhuu
22f3654324 Remove NULL pointer validation in ecp.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 15:21:48 +01:00
Tuvshinzaya Erdenekhuu
a891f83803 Re-introduce ENUM validation in ecjpake.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 15:20:08 +01:00