yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20283 commits 1 branch 0 tags 94 MiB
Commit graph

8956 commits

Author SHA1 Message Date
Jerry Yu
93a13f2c38 Share magic word of HRR 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:48:59 +08:00
Jerry Yu
67a2c37039 tls13:hrr:add empty frame work 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:48:59 +08:00
XiaokangQian
aad9b0a286 Update code base on comments 
Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-09 01:11:21 +00:00
XiaokangQian
a987e1d2f8 Change state machine after encrypted extension and update cases 
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
ec6efb98bc Change variable name to output_len 
Change-Id: I0f8a40da9782b2ec7af7e6f1faf1ac5c7e589418
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
cec9ae6259 Change the code places of CERTIFICATE_REQUEST 
Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
45c22201b3 Update test cases and encrypted extension state set 
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
2f150e184f Update status and add test cases for client certificate request 
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
1f1f1e3372 Temp change to align with client/server hello style 
Change-Id: I8befbbcb5d6f7fdb230022825dcb856e19d9bec0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
9dc4450647 Fix commets issue about coding styles 
Change-Id: I930a062e137562e0b129b9b9b191e5c864f8104d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
eaf3651e31 Rebase and solve conflicts 
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext

Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
Xiaofei Bai
5ee73d84a9 Address review comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-05-07 01:37:04 +00:00
Xiaofei Bai
9ca09d497f Add writing CertificateRequest msg on server side 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-05-07 01:37:04 +00:00
Pol Henarejos
b101cb6111
Since the group is unloaded for all curves, it is better to initialize the group also for all curves. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-06 18:43:58 +02:00
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext 
TLS1.3: add writing encrypted extensions on server side.
 2022-05-06 13:54:45 +02:00
Przemek Stekiel
c1e41bb2b5 rsa.c: remove redundant include of md.h 
rsa.c includes rsa.h that includes md.h

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 11:42:18 +02:00
Przemek Stekiel
ef1fb4a3d3 Deprecate mbedtls_cipher_setup_psa() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 10:55:10 +02:00
Jerry Yu
ef2b98a246 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 16:40:05 +08:00
Jerry Yu
f86eb75c58 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 11:16:55 +08:00
Pol Henarejos
aa68d36234
Fix order value for curve x448. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 19:22:29 +02:00
Neil Armstrong
8ecd66884f Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-05 14:01:49 +02:00
Jerry Yu
e110d258d9 Add set outbound transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-05 19:59:59 +08:00
Werner Lewis
e59a531455 Fix memcpy() UB in mbedtls_asn1_named_data() 
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-05-04 11:45:06 +01:00
Neil Armstrong
80f6f32495 Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
044a32c4c6 Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
61f237afb7 Remove PSA-only code dealing with non-opaque PSA key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
501c93220d Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
b743d95051 Do not erase input key in psa_tls12_prf_psk_to_ms_set_key() 
When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct
but the following derivations output data is incorrect.

This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key()
since commit 03faf5d2c1.

Fixes: 03faf5d2c1 ("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:06:22 +02:00
Neil Armstrong
30beca35f1 Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
Then mbedtls_pk_error_from_psa_rsa() also needs to be guarded with
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR to be used by pk_opaque_rsa_decrypt()

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:02:37 +02:00
Jerry Yu
9da5e5a2f2 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 15:46:09 +08:00
Jerry Yu
de66d12afc remove out couter reset 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 12:15:19 +08:00
Jerry Yu
39730a70cd remove variable initial 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 12:14:04 +08:00
Jerry Yu
8937eb491a fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 12:12:14 +08:00
Neil Armstrong
6c26adc900 Do not make pk_opaque_rsa_decrypt() depend on MBEDTLS_RSA_C 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-02 14:43:04 +02:00
Neil Armstrong
1082818003 Implement PK Opaque RSA decrypt 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque 
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
 2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx 
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
 2022-04-29 10:47:16 +02:00
Przemek Stekiel
169bf0b8b0 Fix comments (#endif flags) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-29 07:53:29 +02:00
Neil Armstrong
a1fc18fa55 Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-28 13:27:59 +02:00
Gilles Peskine
8855e36030
Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup 
Cipher cleanup: abstract TLS mode
 2022-04-28 12:33:38 +02:00
Przemek Stekiel
8a4b7fd7c3 Optimize code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-28 10:21:03 +02:00
Jerry Yu
ab452cc257 fix name issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-28 15:27:08 +08:00
Przemek Stekiel
8abcee9290 Fix typos 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-28 09:16:28 +02:00
Neil Armstrong
2230e6c06d Simplify PSA transform->ivlen set in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-27 10:36:14 +02:00
Neil Armstrong
3bf040ed70 Reorganize PSA/!PSA code in mbedtls_ssl_ticket_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-27 10:35:28 +02:00
Gilles Peskine
301711e96e Simplify mbedtls_ssl_get_base_mode 
Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and
non-USE_PSA_CRYPTO definitions independent.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-27 10:28:55 +02:00
Gilles Peskine
e108d987ea Simplify mbedtls_ssl_get_mode 
Reduce the imbrications between preprocessor directives and C instructions.
Handle encrypt-then-mac separately.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-27 10:28:55 +02:00
Jerry Yu
4d3841a4d1 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-25 19:41:47 +08:00
Xiaofei Bai
cba64af50d TLS1.3: add writing encrypted extensions 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-04-25 19:41:47 +08:00
Ronald Cron
eecd0d2fc3
Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello 2022-04-25 09:28:40 +02:00
Jerry Yu
e65d801580 fix undeclare error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-23 10:34:35 +08:00
Biswapriyo Nath
d7e0ee42b8 cmake: Fix runtime library install location in mingw 
This install DLLs in bin directory instead of lib.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:50 +05:30
Biswapriyo Nath
0f2e87bdf5 cmake: Use GnuInstallDirs to customize install directories 
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:28 +05:30
Gilles Peskine
2f8c2a5fc5
Merge pull request #5753 from tom-cosgrove-arm/fix-missing-prototypes-warnings-a64-sha256-sha512 
Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration
 2022-04-22 16:45:23 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap 
Improve benchmarking of ECC heap usage
 2022-04-22 16:43:11 +02:00
Jerry Yu
955ddd75a3 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 22:27:33 +08:00
Przemek Stekiel
99114f3084 Fix build flags for opaque/raw psk checks 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:34 +02:00
Przemek Stekiel
cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877 Enable support for psa opaque ECDHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:53:55 +02:00
Przemek Stekiel
19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
51a1f36be0 setup_psa_key_derivation(): change salt parameter to other_secret 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
f2534ba69b tls12_client: skip PMS generation for opaque RSA-PSK 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
c2033409e3 Add support for psa rsa-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
ae4ed30435 Fix naming: random bytes are the seed (not salt) in derivation process 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
1f02703e53 setup_psa_key_derivation(): add optional salt parameter 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard
55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context 
TLS ECDH 4: remove legacy context
 2022-04-22 14:27:06 +02:00
Neil Armstrong
76b7407bd7 Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
f2c82f0a3b Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
ccc074e44d Use correct condition to use encrypt_then_mac in ssl_tls.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
d1be7674a4 Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
6b27c97a91 Rename mbedtls_get_mode() to mbedtls_ssl_get_mode() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
ab555e0a6c Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
858581e81a Remove cipher_info in mbedtls_ssl_ticket_setup() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
a0eeb7f470 Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
7fea33ea4d Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
fe635e42c9 Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
4bf4c8675f Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
136f8409df Replace PSA/Cipher logic with mbedtls_get_mode_from_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:26 +02:00
Neil Armstrong
8a0f3e8cf0 Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:26 +02:00
Jerry Yu
a09f5e98ef fix build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:46:03 +08:00
Jerry Yu
cfc04b3541 Update comments in write server hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
e74e04af1a Rename write supported_versions ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
d9436a1baa remove guards for write_key_share 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
57d4841eda fix write key_share issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
637a3f1090 fix various issues 
typo issue, variable `ret` init value
and remove finalize_server_hello

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
1c3e688df1 fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
349a61388b fix write selected_version fail 
And rename write_supported_versions to
write selected_version

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
fb9f54db8c fix comments issue 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
89e103c54c tls13: Share write ecdh_key_exchange function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
3bf2c6449d tls13: write server hello compile pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
56404d70c4 tls13:server:Add finalize write_server_hello and dummy body 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
f4b27e4351 tls13:server:Add prepare write_server_hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
5b64ae9bad tls13:server:Add base framework for serverhello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
XiaokangQian
e8ff350698 Update code to align with tls13 coding standard 
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-22 02:34:40 +00:00
Leonid Rozenboim
287527042b Avoid potentially passing NULL arguments 
Several call sites flagged by Coverity that may potentially cause
a pointer argument to be NULL.

In two cases the issue is using a function call as a parameter to
a second function, where the first function may return NULL, while
the second function does not check for the NULL argument value.

Remaining case is when static configuration is mixed with run-time
decision, that could result in a data buffer argument being NULL.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-04-21 18:00:52 -07:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2 
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
 2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign 
RSA-PSS sign 1: PK
 2022-04-21 17:11:18 +02:00
XiaokangQian
4d3a60475c Change default config version to development style 
Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 13:46:17 +00:00
XiaokangQian
4e8cd7b903 Remove useless selected_group 
Change-Id: I5fb76b5bf4b22d0231c17314783781f9e7c309a3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 13:30:18 +00:00
Neil Armstrong
13e76be02b Reorganize & simplify mbedtls_pk_sign_ext() handling of wrapped RSA-PSS 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-21 12:08:52 +02:00
Przemek Stekiel
4e47a91d2e Fix indentation issues 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
03faf5d2c1 psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
937b90febf Add null check for pms allocation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
e47201b34a rename: psa_tls12_prf_set_other_key->psa_tls12_prf_psk_to_ms_set_other_key and adapt code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
2503f7e4cb Handle empty other secret when passed with input bytes 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
XiaokangQian
060d867598 Update parse_key_share in server side and version config 
Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 09:24:56 +00:00
XiaokangQian
0a1b54ed73 Minor change the place of some functions 
Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 03:01:38 +00:00
XiaokangQian
75d40ef8cb Refine code base on review 
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side

Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 11:05:24 +00:00
XiaokangQian
318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
XiaokangQian
de33391fa0 Rebase and solve conflicts 
Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 08:49:42 +00:00
XiaokangQian
0803755347 Update code base on review comments 
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes

Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:50:14 +00:00
XiaokangQian
17f974c63e Re-order the ciphersuite matching code in parse_client_hello 
Change-Id: I16d11bca42993d4abc2a1b19fa087366c591927c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
84823779ce Only store the first group in ssl_tls13_parse_supported_groups_ext() 
Change-Id: I4427149aeb6eb453150e522e4c7b11187e2e3825
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
3f84d5d0cd Update test cases and fix the test failure 
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
b67384d05c Fix coding style and comments styles 
Change-Id: Ifa37a3288fbb6b5206fc0640fa11fa36cb3189ff
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
f8ceb94fe7 Fix the parse_sig_alg_ext fail issue 
Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
8f9dfe41c0 Fix comments about coding styles and test cases 
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8 Fix comments and remove hrr related code 
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023 Update based on comments 
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
4080a7f687 Change code style and some share functions 
Change variables and functions name style
Refine supported_version
Refine client hello parse

Change-Id: Iabc1db51e791588f999c60db464326e2bdf7b2c4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
9b5d04b078 Share parse_key_share() between client and server 
Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38 Rebase and solve conflicts and issues 
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
8840888fbc Fix some CI issues 
Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
c5763b5efd Change some code style 
Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
3207a32b1e Fix unused parameter issue and not defined cookie issue 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
7ac3ab3404 Add hello retry request count for server 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
a9c58419f2 Fix compile and test issues 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
7807f9f5c9 Add client hello into server side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
Ronald Cron
fd8cbda3ec Remove ECDH code specific to TLS 1.3 
ECDH operations in TLS 1.3 are now done through PSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:31:24 +02:00
Ronald Cron
fd6193c285 ssl_tls13_client: Add downgrade attack protection 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:31:24 +02:00
Ronald Cron
217d699d85 Fix Doxygen marks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:28:51 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers 
Unify internal/external TLS protocol version enums
 2022-04-19 17:05:26 +01:00
Tom Cosgrove
c144ca6473 Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration 
Fixes #5752

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-04-19 13:52:24 +01:00
Hanno Becker
606cb1626f Add comment explaining structure of UMAAL assembly 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:59:33 +01:00
Hanno Becker
d46d96cc3f Add 2-fold unrolled assembly for umaal based multiplication 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:19:55 +01:00
Hanno Becker
63eb28c728 Use separate counters for 8-fold and single multiplication steps 
Compilers are likely to generate shorter assembly for loops of the
form `while( cnt-- ) { ... }` rather than
`for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs
a subtract+compare+branch after each loop, while the former only
needs decrement+branch).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:16:03 +01:00
Hanno Becker
eacf3b9eb4 Simplify organization of inline assembly for bignum 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:16:03 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail 
PSA: systematically test operation failure
 2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard
63ed7cbf36
Merge pull request #5701 from hanno-arm/mpi_mul_hlp 
Make size of output in mpi_mul_hlp() explicit
 2022-04-15 10:09:06 +02:00
Glenn Strauss
8315811ea7 Remove restrictive proto ver negotiation checks 
Overly restrictive protocol version negotiation checks might be
"version intolerant".  TLS 1.3 and DTLS 1.3 move the version to
the "supported_versions" ClientHello extension.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
bbdc83b55b Use mbedtls_ssl_protocol_version in public structs 
Use mbedtls_ssl_protocol_version in public structs, even when doing
so results in a binary-incompatible change to the public structure

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
cd78df6aa4 handshake->min_minor_ver to ->min_tls_version 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
041a37635b Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks 
mbedtls no longer supports earlier TLS protocol versions

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version 
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version 
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:23:57 -04:00
Glenn Strauss
07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version 
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:23:54 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 13:45:20 -04:00
Hanno Becker
3577131bb4 Reintroduce trimming of input in mbedtls_mpi_mul_int() 
Removing the trimming has significant memory impact. While it is clearly what
we want to do eventually for constant-time'ness, it should be fixed alongside
a strategy to contain the ramifications on memory usage.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-14 11:52:11 +01:00
Neil Armstrong
769dc05597 Remove bad dependency on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED for ecdh_ctx guard 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-14 09:56:24 +02:00
Neil Armstrong
282750215c Remove PSA only code from non-PSA code block code in ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 15:05:11 +02:00
Neil Armstrong
11d4945248 Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 15:03:43 +02:00
Neil Armstrong
1f198d8dee Simplify by moving ssl_check_server_ecdh_params in the ECDHE non-PSA compile-time block 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 15:02:30 +02:00
Neil Armstrong
913b364a52 Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 14:59:48 +02:00
Manuel Pégourié-Gonnard
6c242a01f7
Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics 
PK Opaque RSA sign
 2022-04-13 09:55:42 +02:00
Hanno Becker
0dbf04a9a6 Remove unnecessary memory operations in p25519 quasireduction 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-13 07:26:53 +01:00
Hanno Becker
1772e05fca Reduce the scope of local variable in mbedtls_mpi_mul_mpi() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-13 07:26:53 +01:00
Hanno Becker
da763de7d0 Revert "Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()" 
This reverts commit 808e666eee.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-13 07:26:42 +01:00
Hanno Becker
127fcabb21 Fail gracefully upon unexpectedly large input to p25519 reduction 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 22:18:36 +01:00
Neil Armstrong
62d452baac Implement PK Opaque RSA PSS signature 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 15:11:49 +02:00
Neil Armstrong
f3f46416e3 Remove ecdh_ctx variable, init & free when USE_PSA_CRYPTO isn't selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:43:39 +02:00
Neil Armstrong
3ea01498d8 Store TLS1.2 ECDH point format only when USE_PSA_CRYPTO isn't selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:41:50 +02:00
Neil Armstrong
a33a255dcf Disable non-PSA ECDHE code in mbedtls_ssl_psk_derive_premaster() when USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:40:47 +02:00
Neil Armstrong
d8419ff390 Refactor to make PSA and non-PSA ECDH(E) client code exclusive 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:39:16 +02:00
Neil Armstrong
d91526c17f Refactor to make PSA and non-PSA ECDH(E) server code exclusive 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:38:52 +02:00
Manuel Pégourié-Gonnard
927410ded3
Merge pull request #5611 from superna9999/5318-tls-ecdhe-psk 
TLS ECDH 3a: ECDHE-PSK (both sides, 1.2)
 2022-04-12 13:28:02 +02:00
Hanno Becker
bb04cb992f Fix check in p25519 quasi-reduction 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:18:11 +01:00
Hanno Becker
d830feb256 Simplify check in p25519 quasi-reduction 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:10:19 +01:00
Hanno Becker
2ef0cff6c3 Fix size check in p25519 modular reduction 
The check was meant to precisely catch an underflow.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:02:05 +01:00
Hanno Becker
0235f7512f Reduce scope of local variables in mpi_montmul() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:02:03 +01:00
Hanno Becker
9137b9c587 Note alternative implementation strategy in mbedtls_mpi_mul_int() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:01:58 +01:00
Hanno Becker
808e666eee Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:01:57 +01:00
Przemek Stekiel
d7a28646bc psa_tls12_prf_set_key(): add PSA_TLS12_PRF_STATE_OTHER_KEY_SET as a valid state 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-12 11:27:00 +02:00
Przemek Stekiel
a7695a2d76 psa_key_derivation_check_input_type(): handle PSA_KEY_DERIVATION_INPUT_OTHER_SECRET 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-12 11:27:00 +02:00
Przemek Stekiel
c8fa5a1bdd psa_tls12_prf_psk_to_ms_set_key(): add support for other secret input 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-12 11:26:47 +02:00
Gilles Peskine
43b0943736
Merge pull request #1946 from hanno-arm/alert_reentrant 
Make mbedtls_ssl_send_alert_message() reentrant
 2022-04-12 11:05:20 +02:00
Neil Armstrong
7624a5ae5e Allow RSA PK Opaque keys for RSA-PSS signing 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 10:09:26 +02:00
Hanno Becker
53b3c607a0 Move const keyword prior to type name 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 13:46:30 +01:00
Hanno Becker
dfcb2d084b Fix Doxygen for mbedtls_mpi_core_mla() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 13:44:15 +01:00
Hanno Becker
99ba4cc6d5 Remove Doxygen from mbedtls_mpi_core_mla() implementation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 13:44:03 +01:00
Hanno Becker
efdc519864 Reintroduce though-to-be unused variable in correct place 
The variable is a local variable for the i386 bignum assembly only;
introduce it as part of the start/finish macros.

It can be noted that the variable is initialize to 0 within MULADDC_INIT,
so there are no data dependencies across blocks of MULADDC_INIT/CORE/STOP.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 10:44:02 +01:00
Hanno Becker
5d4ceeb25c Remove const qualifier for mutable local variable in mpi_mul_hlp() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 09:46:47 +01:00
Hanno Becker
284d778d28 Address review comments 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 09:19:24 +01:00
Hanno Becker
e9dd9a1f31 Use size_t for number of limbs 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 09:06:27 +01:00
Manuel Pégourié-Gonnard
eaf3086831
Merge pull request #1133 from RonEld/1805 
Fix Shared Library compilation issue with Cmake
 2022-04-11 09:31:59 +02:00
Hanno Becker
6454993e2e Safeguard against calling p255 reduction with single-width MPI 
(In this case, there's nothing to do anyway since we only do a
quasi-reduction to N+1 limbs)

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 07:35:58 +01:00
Hanno Becker
25bb732ea7 Simplify x25519 reduction using internal bignum MLA helper 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 07:03:48 +01:00
Hanno Becker
aef9cc4f96 Rename mpi_mul_hlp -> mbedtls_mpi_core_mla and expose internally 
This paves the way for the helper to be used from the ECP module

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 07:03:43 +01:00
Gilles Peskine
e1730e492d
Merge pull request #5708 from AndrzejKurek/timeless-struggles 
Remove the dependency on MBEDTLS_TIME_H from the timing module
 2022-04-08 18:43:16 +02:00
Krzysztof Stachowiak
de6effa645 Change the MSVC static runtime CMake option name and moved it into the library directory 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 15:17:32 +01:00
Neil Armstrong
95a892311d Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-08 15:13:51 +02:00
Neil Armstrong
7df6677c34 Remove now invalid comment in pk_opaque_ecdsa_can_do() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-08 15:13:06 +02:00
Neil Armstrong
56e71d4d1a Update documentation of mbedtls_pk_setup_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-08 15:12:42 +02:00
Neil Armstrong
eccf88fa48 Only accept RSA key pair in mbedtls_pk_setup_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-08 15:11:50 +02:00
Hanno Becker
5e18f74abb Make alert sending function re-entrant 
Fixes #1916

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:16:43 +01:00
Andrzej Kurek
5735369f4a Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C 
The timing module might include time.h on its own when on 
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. 


Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 04:41:42 -04:00
Glenn Strauss
236e17ec26 Introduce mbedtls_ssl_hs_cb_t typedef 
Inline func for mbedtls_ssl_conf_cert_cb()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-07 14:18:30 -04:00
Przemek Stekiel
e3ee221893 Free other secret in tls12_prf context 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-07 15:41:56 +02:00
Przemek Stekiel
23650286ac Add psa_tls12_prf_set_other_key() function to store other secret input 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-07 15:41:46 +02:00
Neil Armstrong
c1152e4a0f Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
7e1b4a45fa Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
295aeb17e6 Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
b980c9b48c Add support for RSA in pk_opaque_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
ca5b55f0d1 Add support for RSA in mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
eabbf9d907 Add support for RSA PK Opaque key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 14:51:47 +02:00
Andrzej Kurek
714b6603e4 Remove dummy timing implementation 
Having such implementation might cause issues for those that
expect to have a working implementation.
Having a compile-time error is better in such case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh 
TLS ECDH 3b: server-side static ECDH (1.2)
 2022-04-07 11:46:25 +02:00
Hanno Becker
e141702551 Adjust mpi_montmul() to new signature of mpi_mul_hlp() 
A previous commit has changed the signature of mpi_mul_hlp, making the length
of the output explicit. This commit adjusts mpi_montmul() accordingly.

It also fixes a comment on the required size of the temporary value
passed to mpi_montmul() (but does not change the call-sites).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:34 +01:00
Hanno Becker
74a11a31cb Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp() 
A previous commit has changed the signature of mpi_mul_hlp(), making
the length of the output explicit.

This commit adjusts mbedtls_mpi_mul_int() to this change.

Along the way, we make the code simpler and more secure by not calculating
the minimal limb-size of A. A previous comment indicated that this was
functionally necessary because of the implementation of mpi_mul_hlp() --
if it ever was, it isn't anymore.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:34 +01:00
Hanno Becker
fee261a505 Adjust mbedtls_mpi_mul_mpi() to new signature of mpi_mul_hlp() 
The previous commit has changed the signature of mpi_mul_hlp(),
making the length of the output explicit.

This commit adjusts the call-site in mbedtls_mpi_mul_mpi() to
this new signature.

A notable change to the multiplication strategy had to be made:
mbedtls_mpi_mul_mpi() performs a simple row-wise schoolbook
multiplication, which however was so far computed iterating
rows from top to bottom. This leads to the undesirable consequence
that as lower rows are calculated and added to the temporary
result, carry chains can grow. It is simpler and faster to
iterate from bottom to top instead, as it is guaranteed that
there will be no carry when adding the next row to the previous
temporary result: The length of the output in each iteration
can be fixed to len(B)+1.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:34 +01:00
Hanno Becker
defe56928e Make length of output explicit in mpi_mul_hlp() 
The helper `mpi_mul_hlp()` performs a multiply-accumulate
operation `d += s * b`, where `d,b` are MPIs and `b` is a scalar.

Previously, only the length of `s` was specified, while `d` was
assumed to be 0-terminated of unspecified length.

This was leveraged at the end of the core multiplication steps
computingg the first `limb(s)` limbs of `d + s*b`: Namely, the
routine would keep on adding the current carry to `d` until none
was left. This can, in theory, run for an arbitrarily long time
if `d` has a tail of `0xFF`s, and hence the assumption of
`0`-termination.

This solution is both fragile and insecure -- the latter because
the carry-loop depends on the result of the multiplication.

This commit changes the signature of `mpi_mul_hlp()` to receive
the length of the output buffer, which must be greater or equal
to the length of the input buffer.

It is _not_ assumed that the output buffer is strictly larger
than the input buffer -- instead, the routine will simply return
any carry that's left. This will be useful in some applications
of this function. It is the responsibility of the caller to either
size the output appropriately so that no carry will be left, or
to handle the carry.

NOTE: The commit leaves the library in a state where it cannot
      be compiled since the call-sites of mpi_mul_hlp() have
      not yet been adjusted. This will be done in the subsequent
      commits.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:29 +01:00
Hanno Becker
e7f14a3090 Remove unused variable in mpi_mul_hlp() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:11:26 +01:00
Gilles Peskine
a9b6c8074a Fix psa_mac_verify() returning BUFFER_TOO_SMALL 
It doesn't make sense for psa_mac_verify() to return
PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this
was happening when requesting the verification of an unsupported algorithm
whose output size is larger than the maximum supported MAC size, e.g.
HMAC-SHA-512 when building with only SHA-256 support. Arrange to return
PSA_ERROR_NOT_SUPPORTED instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:03:39 +02:00
Gilles Peskine
695c4cb7ea If a cipher algorithm is not supported, fail during setup 
In some cases, a cipher operation for an unsupported algorithm could succeed
in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually
fed. This is not a major bug, but it has several minor downsides: fail-late
is harder to diagnose for users than fail-early; some code size can be
gained; tests that expect failure for not-supported parameters would have to
be accommodated to also accept success.

This commit at least partially addresses the issue. The only completeness
goal in this commit is to pass our full CI, which discovered that disabling
only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping
the relevant key type) allowed cipher setup to succeed, which caused
failures in test_suite_psa_crypto_op_fail.generated in
component_test_psa_crypto_config_accel_xxx.

Changes in this commit:
* mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher
  algorithms. (No change related to key types.)
* Some code that is only relevant for ECB is no longer built if
  PSA_WANT_ALG_ECB_NO_PADDING is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:03:39 +02:00
Gilles Peskine
0c3a071300 Make psa_key_derivation_setup return early if the key agreement is not supported 
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:00:01 +02:00
Gilles Peskine
0cc417d34b Make psa_key_derivation_setup return early if the hash is not supported 
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 14:58:39 +02:00
Gilles Peskine
9efde4f2ec Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 14:57:20 +02:00
Przemek Stekiel
8583627ece psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-05 10:50:53 +02:00
Neil Armstrong
1039ba5c98 Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:33:01 +02:00
Neil Armstrong
ede381c808 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:33:01 +02:00
Neil Armstrong
3cae167e6a Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
e18ff952a7 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
b7ca76b652 Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
fdf20cb513 Fix command indentation in ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
2d63da9269 Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
d6e2759afb Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
fb0a81ece9 Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
5a1455d8d5 Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
3bcef08335 Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
549a3e4737 Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
fc834f2e2c Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
0bdb68a242 Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong
d8420cad31 Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong
c530aa6b4e Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong
b9f319aec1 Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:51 +02:00
Neil Armstrong
2540045542 Update comments in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong
bc5e8f9dd0 Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong
039db29c7d Implement PSA server-side ECDHE-PSK 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong
868af821c9 Implement PSA client-side ECDHE-PSK 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:06 +02:00
Przemek Stekiel
a9f9335ee9 ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check 
This check can be removed as if the buffer is too small for the key, then export will fail.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-04 17:32:30 +02:00
Neil Armstrong
e88d190f2e Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-04 11:27:57 +02:00
Neil Armstrong
f716a700a1 Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard
de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification 
PK: RSA verification
 2022-04-04 11:23:33 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 
TLS 1.2/1.3 version negotiation - 2
 2022-04-01 12:29:06 +02:00