Hanno Becker
dfcb2d084b
Fix Doxygen for mbedtls_mpi_core_mla()
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 13:44:15 +01:00
Hanno Becker
99ba4cc6d5
Remove Doxygen from mbedtls_mpi_core_mla() implementation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 13:44:03 +01:00
Hanno Becker
efdc519864
Reintroduce though-to-be unused variable in correct place
...
The variable is a local variable for the i386 bignum assembly only;
introduce it as part of the start/finish macros.
It can be noted that the variable is initialize to 0 within MULADDC_INIT,
so there are no data dependencies across blocks of MULADDC_INIT/CORE/STOP.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 10:44:02 +01:00
Hanno Becker
5d4ceeb25c
Remove const qualifier for mutable local variable in mpi_mul_hlp()
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 09:46:47 +01:00
Hanno Becker
284d778d28
Address review comments
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 09:19:24 +01:00
Hanno Becker
e9dd9a1f31
Use size_t for number of limbs
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 09:06:27 +01:00
Manuel Pégourié-Gonnard
eaf3086831
Merge pull request #1133 from RonEld/1805
...
Fix Shared Library compilation issue with Cmake
2022-04-11 09:31:59 +02:00
Hanno Becker
6454993e2e
Safeguard against calling p255 reduction with single-width MPI
...
(In this case, there's nothing to do anyway since we only do a
quasi-reduction to N+1 limbs)
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 07:35:58 +01:00
Hanno Becker
25bb732ea7
Simplify x25519 reduction using internal bignum MLA helper
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 07:03:48 +01:00
Hanno Becker
aef9cc4f96
Rename mpi_mul_hlp -> mbedtls_mpi_core_mla and expose internally
...
This paves the way for the helper to be used from the ECP module
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 07:03:43 +01:00
Gilles Peskine
e1730e492d
Merge pull request #5708 from AndrzejKurek/timeless-struggles
...
Remove the dependency on MBEDTLS_TIME_H from the timing module
2022-04-08 18:43:16 +02:00
Neil Armstrong
95a892311d
Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:13:51 +02:00
Neil Armstrong
7df6677c34
Remove now invalid comment in pk_opaque_ecdsa_can_do()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:13:06 +02:00
Neil Armstrong
56e71d4d1a
Update documentation of mbedtls_pk_setup_opaque()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:12:42 +02:00
Neil Armstrong
eccf88fa48
Only accept RSA key pair in mbedtls_pk_setup_opaque()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:11:50 +02:00
Hanno Becker
5e18f74abb
Make alert sending function re-entrant
...
Fixes #1916
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:43 +01:00
Andrzej Kurek
5735369f4a
Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
...
The timing module might include time.h on its own when on
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled.
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:41:42 -04:00
Glenn Strauss
236e17ec26
Introduce mbedtls_ssl_hs_cb_t typedef
...
Inline func for mbedtls_ssl_conf_cert_cb()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-07 14:18:30 -04:00
Przemek Stekiel
e3ee221893
Free other secret in tls12_prf context
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:41:56 +02:00
Przemek Stekiel
23650286ac
Add psa_tls12_prf_set_other_key() function to store other secret input
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:41:46 +02:00
Neil Armstrong
c1152e4a0f
Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
7e1b4a45fa
Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
295aeb17e6
Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
b980c9b48c
Add support for RSA in pk_opaque_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
ca5b55f0d1
Add support for RSA in mbedtls_pk_wrap_as_opaque()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
eabbf9d907
Add support for RSA PK Opaque key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Andrzej Kurek
714b6603e4
Remove dummy timing implementation
...
Having such implementation might cause issues for those that
expect to have a working implementation.
Having a compile-time error is better in such case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
...
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Hanno Becker
e141702551
Adjust mpi_montmul() to new signature of mpi_mul_hlp()
...
A previous commit has changed the signature of mpi_mul_hlp, making the length
of the output explicit. This commit adjusts mpi_montmul() accordingly.
It also fixes a comment on the required size of the temporary value
passed to mpi_montmul() (but does not change the call-sites).
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:34 +01:00
Hanno Becker
74a11a31cb
Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp()
...
A previous commit has changed the signature of mpi_mul_hlp(), making
the length of the output explicit.
This commit adjusts mbedtls_mpi_mul_int() to this change.
Along the way, we make the code simpler and more secure by not calculating
the minimal limb-size of A. A previous comment indicated that this was
functionally necessary because of the implementation of mpi_mul_hlp() --
if it ever was, it isn't anymore.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:34 +01:00
Hanno Becker
fee261a505
Adjust mbedtls_mpi_mul_mpi() to new signature of mpi_mul_hlp()
...
The previous commit has changed the signature of mpi_mul_hlp(),
making the length of the output explicit.
This commit adjusts the call-site in mbedtls_mpi_mul_mpi() to
this new signature.
A notable change to the multiplication strategy had to be made:
mbedtls_mpi_mul_mpi() performs a simple row-wise schoolbook
multiplication, which however was so far computed iterating
rows from top to bottom. This leads to the undesirable consequence
that as lower rows are calculated and added to the temporary
result, carry chains can grow. It is simpler and faster to
iterate from bottom to top instead, as it is guaranteed that
there will be no carry when adding the next row to the previous
temporary result: The length of the output in each iteration
can be fixed to len(B)+1.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:34 +01:00
Hanno Becker
defe56928e
Make length of output explicit in mpi_mul_hlp()
...
The helper `mpi_mul_hlp()` performs a multiply-accumulate
operation `d += s * b`, where `d,b` are MPIs and `b` is a scalar.
Previously, only the length of `s` was specified, while `d` was
assumed to be 0-terminated of unspecified length.
This was leveraged at the end of the core multiplication steps
computingg the first `limb(s)` limbs of `d + s*b`: Namely, the
routine would keep on adding the current carry to `d` until none
was left. This can, in theory, run for an arbitrarily long time
if `d` has a tail of `0xFF`s, and hence the assumption of
`0`-termination.
This solution is both fragile and insecure -- the latter because
the carry-loop depends on the result of the multiplication.
This commit changes the signature of `mpi_mul_hlp()` to receive
the length of the output buffer, which must be greater or equal
to the length of the input buffer.
It is _not_ assumed that the output buffer is strictly larger
than the input buffer -- instead, the routine will simply return
any carry that's left. This will be useful in some applications
of this function. It is the responsibility of the caller to either
size the output appropriately so that no carry will be left, or
to handle the carry.
NOTE: The commit leaves the library in a state where it cannot
be compiled since the call-sites of mpi_mul_hlp() have
not yet been adjusted. This will be done in the subsequent
commits.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:29 +01:00
Hanno Becker
e7f14a3090
Remove unused variable in mpi_mul_hlp()
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:11:26 +01:00
Gilles Peskine
a9b6c8074a
Fix psa_mac_verify() returning BUFFER_TOO_SMALL
...
It doesn't make sense for psa_mac_verify() to return
PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this
was happening when requesting the verification of an unsupported algorithm
whose output size is larger than the maximum supported MAC size, e.g.
HMAC-SHA-512 when building with only SHA-256 support. Arrange to return
PSA_ERROR_NOT_SUPPORTED instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:03:39 +02:00
Gilles Peskine
695c4cb7ea
If a cipher algorithm is not supported, fail during setup
...
In some cases, a cipher operation for an unsupported algorithm could succeed
in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually
fed. This is not a major bug, but it has several minor downsides: fail-late
is harder to diagnose for users than fail-early; some code size can be
gained; tests that expect failure for not-supported parameters would have to
be accommodated to also accept success.
This commit at least partially addresses the issue. The only completeness
goal in this commit is to pass our full CI, which discovered that disabling
only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping
the relevant key type) allowed cipher setup to succeed, which caused
failures in test_suite_psa_crypto_op_fail.generated in
component_test_psa_crypto_config_accel_xxx.
Changes in this commit:
* mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher
algorithms. (No change related to key types.)
* Some code that is only relevant for ECB is no longer built if
PSA_WANT_ALG_ECB_NO_PADDING is disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:03:39 +02:00
Gilles Peskine
0c3a071300
Make psa_key_derivation_setup return early if the key agreement is not supported
...
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:00:01 +02:00
Gilles Peskine
0cc417d34b
Make psa_key_derivation_setup return early if the hash is not supported
...
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:58:39 +02:00
Gilles Peskine
9efde4f2ec
Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf
...
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:20 +02:00
Przemek Stekiel
8583627ece
psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-05 10:50:53 +02:00
Neil Armstrong
1039ba5c98
Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:33:01 +02:00
Neil Armstrong
ede381c808
Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:33:01 +02:00
Neil Armstrong
3cae167e6a
Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
e18ff952a7
Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
b7ca76b652
Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fdf20cb513
Fix command indentation in ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
2d63da9269
Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
d6e2759afb
Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fb0a81ece9
Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
5a1455d8d5
Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
3bcef08335
Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
549a3e4737
Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fc834f2e2c
Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
0bdb68a242
Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:52 +02:00
Neil Armstrong
d8420cad31
Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:52 +02:00
Neil Armstrong
c530aa6b4e
Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:52 +02:00
Neil Armstrong
b9f319aec1
Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:51 +02:00
Neil Armstrong
2540045542
Update comments in ECHDE-PSK part of ssl_write_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:07 +02:00
Neil Armstrong
bc5e8f9dd0
Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:07 +02:00
Neil Armstrong
039db29c7d
Implement PSA server-side ECDHE-PSK
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:07 +02:00
Neil Armstrong
868af821c9
Implement PSA client-side ECDHE-PSK
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:06 +02:00
Przemek Stekiel
a9f9335ee9
ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check
...
This check can be removed as if the buffer is too small for the key, then export will fail.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-04 17:32:30 +02:00
Neil Armstrong
e88d190f2e
Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-04 11:27:57 +02:00
Neil Armstrong
f716a700a1
Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard
de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification
...
PK: RSA verification
2022-04-04 11:23:33 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
...
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
...
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations
...
HKDF 2: use internal implementations in TLS 1.3
2022-04-01 11:15:29 +02:00
Manuel Pégourié-Gonnard
451114fe42
Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo
...
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
2022-04-01 10:04:56 +02:00
Paul Elliott
0113cf1022
Add accessor for own cid to ssl context
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Ronald Cron
11218dda96
ssl_client.c: Fix unused parameter
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
bdb4f58cea
Add and update documentation of some minor version fields
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:24:59 +02:00
Ronald Cron
82c785fac3
Make handshake::min_minor_ver client only
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 15:44:41 +02:00
Neil Armstrong
91477a7964
Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
1335222f13
Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
f788253ed3
Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
80325d00cf
Allow ECDSA PK Opaque keys for ECDH Derivation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
104a7c1d29
Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
8113d25d1e
Add ecdh_psa_shared_key flag to protect PSA privkey if imported
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
5cd5f76d67
Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
4f33fbc7e9
Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
306d6074b3
Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
062de7dd79
Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
1f4b39621b
Implement PSA server-side ECDH-RSA/ECDSA
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Ronald Cron
6476726ce4
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
...
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Ronald Cron
ba120bb228
ssl_tls13_client.c: Fix ciphersuite final validation
...
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
8fdad9e534
ssl_tls12_client.c: Remove duplicate of ciphersuite validation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
757a2abfe2
ssl_client.c: Extend and export ciphersuite validation function
...
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
f735cf1f0f
ssl_tls.c: Fix ciphersuite selection regarding protocol version
...
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429
ssl_tls13_client.c: Add check in supported_versions parsing
...
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:33:41 +02:00
Ronald Cron
1fa4f6863b
ssl_tls.c: Return in error if default config fails
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
a77fc2756e
ssl_tls13_client.c: versions ext writing : Fix available space check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
37bdaab64f
tls: Simplify the logic of the config version check and test it
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:26:58 +02:00
Ronald Cron
3cffc5ccb1
tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:59:44 +02:00
Ronald Cron
150d579d7a
ssl_client.c: Improve coding style
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:58:50 +02:00
Neil Armstrong
e451295179
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:41:12 +02:00
Neil Armstrong
253e9e7e6d
Use mbedtls_rsa_info directly in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
ea54dbe7c2
Fix comment typo in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
19e6bc4c9f
Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
8a44bb47ac
Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
82cf804e34
Fix 80 characters indentation in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
6baea78072
Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
a33280af6c
Check psa_destroy_key() return in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
059a80c212
Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
52f41f8228
PK: RSA verification PSA wrap implementation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Ronald Cron
da41b38c42
Improve and fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
...
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Gabor Mezei
e42d8bf83b
Add macro guard for header file
...
Some of the macros are used by the test data files and must be moved
before the macros guard.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard
abed05f335
Merge pull request #5652 from arturallmann/issue-commit
...
Fix comment typo in threading.c
2022-03-30 10:01:24 +02:00
Ronald Cron
8ecd9937a9
ssl_client.c: Fix state change for DTLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f660655b84
TLS: Allow hybrid TLS 1.2/1.3 in default configurations
...
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e71639d39b
Simplify TLS major version default value setting
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
dbe87f08ec
Propose TLS 1.3 and TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
9f0fba374c
Add logic to switch to TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399
Allow hybrid TLS 1.3 + TLS 1.2 configuration
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
fbd9f99f10
ssl_tls.c: Move some client specific functions to ssl_client.c
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
7320e6436b
ssl_tls12_client.c: Switch to generic Client Hello state handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f
ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
5f4e91253f
ssl_client.c: Add DTLS ClientHello message sending specifics
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
4079abc7d1
ssl_client.c: Adapt extensions writing to the TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
11e1857f5e
ssl_client.c: Fix key share code guards
...
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
df823bf39b
ssl_client.c: Re-order partially extension writing
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:57:54 +02:00
Ronald Cron
42c1cbf1de
ssl_client.c: Adapt compression methods comment to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:56:58 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export
...
Add ECP keypair export function
2022-03-29 17:19:04 +01:00
Artur Allmann
3f396152b7
Fix typo "phtreads" to "pthreads"
...
Closes issue #5349
Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>
2022-03-29 17:43:56 +02:00
Ronald Cron
d491c2d779
ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
a874aa818a
ssl_client.c: Add DTLS 1.2 cookie support
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
021b1785ef
ssl_client.c: Adapt session id generation to the TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
58b803818d
ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:50 +02:00
Gabor Mezei
cb5ef6a532
Remove duplicated includes
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-29 17:10:01 +02:00
Gabor Mezei
55c49a3335
Use proper macro guard
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-29 17:09:15 +02:00
Gabor Mezei
29e7ca89d5
Fix typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-29 17:08:49 +02:00
Gabor Mezei
c09437526c
Remove commented out code
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-29 17:08:15 +02:00
Ronald Cron
1614eb668c
ssl_client.c: Adapt TLS version writing to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
86a477f5ee
ssl_client.c: Adapt initial version selection to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
5456a7f89c
ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
71c2332860
ssl_client.c: Rename TLS 1.3 ClientHello writing functions
...
Rename TLS 1.3 ClientHello writing functions
aiming to support TLS 1.2 as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
3d580bf4bd
Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
...
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
8f6d39a81d
Make some handshake TLS 1.3 utility routines available for TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
7ffe7ebe38
ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards
...
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
04fbd2b2ff
ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
12dcdf0d6e
ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
4e263fd49c
ssl_tls12_client.c: Simplify TLS version in encrypted PMS
...
This can only be TLS 1.2 now in this structure and when
adding support for TLS 1.2 or 1.3 version negotiation
the highest configured version can be TLS 1.3.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
90f012037d
ssl_tls12_server.c: Simplify TLS version check in ClientHello
...
The TLS server code only support TLS 1.2 thus simplify
the check of the version proposed by the client.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
086ee0be0e
ssl_tls.c: Reject TLS 1.3 version configuration for server
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
8457c12127
ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
b894ac7f99
ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
90915f2a21
ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version
...
ssl_tls12_client.c contains only TLS 1.2 specific
code thus remove some checks on the minor version
version being MBEDTLS_SSL_MINOR_VERSION_3. No aim
for completeness, ssl_parse_server_hello() is not
reworked here for example.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
a25cf58681
ssl_tls.c: Remove one unnecessary minor version check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
c2f13a0568
ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md()
...
Modify mbedtls_ssl_set_calc_verify_md() taking into
account that it is an TLS 1.2 only function.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
4dcbca952e
ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section
...
In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the
"if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive
as it is specific to TLS 1.2.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
81591aa0f3
ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param
...
ssl_set_handshake_prfs() is TLS 1.2 specific and only called
from TLS 1.2 only code thus no need to pass the TLS minor
version of the currebt session.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
f12b81d387
ssl_tls.c: Fix PSA ECDH private key destruction
...
In TLS 1.3, a PSA ECDH private key may be created
even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We
must destroy this key if still referenced by an
handshake context when we free such context.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
5b98ac9c64
TLS 1.3: Move PSA ECDH private key destroy to dedicated function
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
8540cf66ac
ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512
...
In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose
PKCS1 v1.5 signatures with SHA_384/512 not only
SHA_256. There is no point in not proposing them
if they are available.
In TLS 1.3 those could be useful for certificate
signature verification.
In hybrid TLS 1.2/1.3 this allows to propose for
TLS 1.2 the same set of signature algorithms.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
60ff79424e
ssl_tls13_client.c: alpn: Miscellanous minor improvements
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
13d8ea1dd9
ssl_tls13_client.c: alpn: Loop only once over protocol names
...
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
a0855a6d13
ssl_tls13_client.c: alpn: Add missing return value assignment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
de1adee51a
Rename ssl_cli/srv.c
...
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
...
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard
39f2f73e69
Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing
...
Restore full TLS compatibility testing
2022-03-28 18:31:17 +02:00
Ronald Cron
e44d8e7eea
Merge pull request #5369 from xkqian/add_2nd_client_hello
...
Add 2nd client hello
2022-03-28 12:18:41 +02:00
Przemek Stekiel
ab5274bb19
Remove parameters validation using ECP_VALIDATE_RET
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:23:08 +02:00
Gabor Mezei
ed6d6589b3
Use hash algoritm for parameter instead of HMAC
...
To be compatible with the other functions `mbedtls_psa_hkdf_extract` and
`mbedtls_psa_hkdf_expand` use hash algorithm for parameter.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 17:28:06 +01:00
Gabor Mezei
07732f7015
Translate from mbedtls_md_type_t to psa_algorithm_t
...
Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 17:04:19 +01:00
Gabor Mezei
5d9a1fe9e9
PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3
...
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 15:47:15 +01:00
Ronald Cron
fb39f15fa1
ssl_tls.c: Use ETM status only in CBC mode case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Ronald Cron
862902dd57
ssl_srv.c: Mark ETM as disabled if cipher is not CBC
...
Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS
1.2 server only for the CBC cipher mode thus make it
clear in the SSL context.
The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor
...
Accessor for mbedtls_timing_delay_context final delay
2022-03-25 09:14:41 +01:00
XiaokangQian
20438976f9
Change comments and styles base on review
...
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
c02768a399
Replace ssl->handshake with handshake in write_cookie_ext()
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9b93c0dd8d
Change cookie parameters for dtls and tls 1.3
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
25c9c9023c
Refine cookie len to fix compile issues
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9deb90f74e
Change parameter names and code style
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
5e3c947841
Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
233397ef88
Update code base on comments
...
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
0b64eedba8
Add cookies write in client hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
Ronald Cron
90045241e7
Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify
...
TLS1.3: Fix incorrect check for certificate verify
2022-03-25 08:35:41 +01:00
Jerry Yu
6c6f10265d
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-25 11:09:50 +08:00
Paul Elliott
27b0d94e25
Use mbedtls_ssl_is_handshake_over()
...
Switch over to using the new function both internally and in tests.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-24 14:43:52 +00:00
Jerry Yu
bd1b3278b1
Remove useless code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 13:07:28 +08:00
Tom Cosgrove
b7f5b97650
Minor changes to sha256.c to bring it in line with sha512.c
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:56 +00:00
Tom Cosgrove
87fbfb5d82
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
...
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.
The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Jerry Yu
e26acee896
Refactor guards for sig algs
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 21:01:33 +08:00
Jerry Yu
f8aa9a44aa
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard
5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies
...
MD: HMAC in DTLS cookies
2022-03-23 13:05:24 +01:00
Jerry Yu
8c3388620d
create sig_alg decode function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 13:34:04 +08:00
Jerry Yu
0c23fc39c3
fix various guards issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 12:20:01 +08:00
Jerry Yu
7533982f68
guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 12:06:31 +08:00
Jerry Yu
e010de4be3
Rename ctx to rsa_ctx
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 11:45:55 +08:00
Jerry Yu
fb0621d841
fix pk_sign_ext issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 11:42:06 +08:00
Jerry Yu
cef3f33012
Guard rsa sig algs with rsa_c and pkcs1_v{15,21}
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 23:16:42 +08:00
Jerry Yu
e91a51a539
Refactor get_sig_alg_from pk
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 21:42:50 +08:00
Jerry Yu
bf455e7516
rename pk_psa_rsa_sign_ext param
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 21:39:41 +08:00
Jerry Yu
3616533d26
tls13:remove ec check from validate certification
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 19:46:05 +08:00
Neil Armstrong
488a40eecb
Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-22 10:41:38 +01:00
Jerry Yu
dddf5a0e18
Refactor get_sig_alg_from_pk
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:47:19 +08:00
Jerry Yu
89107d1bc2
fix ci fail without RSA_C
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
406cf27cb5
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
848ecce990
fix wrong typo in function name
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:52 +08:00
Jerry Yu
07869e804c
fix psa crypto test fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
b02ee18e64
replace use_psa_crypto with psa_crypto_c
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
b6875bc17a
change rsa_pss salt type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
704cfd2a86
fix comments and style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
718a9b4a3f
fix doxgen fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
1d172a3483
Add pk_psa_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
8beb9e173d
Change prototype of pk_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
67eced0132
replace pk_sign with pk_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
d69439aa61
add mbedtls_pk_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6
add pss_rsae_sha{384,512}
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
bfcfe74b4e
add signature algorithm debug helper
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:33 +08:00
Jerry Yu
919130c035
Add rsa_pss_rsae_sha256 support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:33 +08:00
Gabor Mezei
1e64f7a643
Use MBEDTLS_USE_PSA_CRYPTO macro guard for testing instead of MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-21 17:00:54 +01:00
Gabor Mezei
1bf075fffd
Use SSL error codes
...
The `psa_ssl_status_to_mbedtls` function is not only used for
cipher operations so transalte to TLS error codes.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-21 17:00:53 +01:00
Gabor Mezei
adfeadc6e5
Extend PSA error translation
...
Add new error codes to the PSA to mbedtls error translation.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-21 17:00:53 +01:00
Gabor Mezei
58db65354b
Use the PSA-based HKDF functions
...
Use the `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand`
functions in the HKDF handling.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-21 17:00:53 +01:00
Paul Elliott
b9af2db4cf
Add accessor for timing final delay
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-21 15:26:19 +00:00
Neil Armstrong
79daea25db
Handle and return translated PSA errors in ssl_cookie.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-21 12:05:51 +01:00
Neil Armstrong
2d5e343c75
Use inline PSA code instead of using ssl_cookie_hmac in mbedtls_ssl_cookie_write()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-21 11:39:52 +01:00
Manuel Pégourié-Gonnard
f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac
...
TLS record HMAC
2022-03-21 11:36:44 +01:00
Manuel Pégourié-Gonnard
706f6bae27
Merge pull request #5518 from superna9999/5274-ecdsa-signing
...
PK: ECDSA signing
2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard
472044f21e
Merge pull request #5525 from superna9999/5161-pk-rsa-encryption
...
PK: RSA encryption
2022-03-21 09:57:38 +01:00
Ronald Cron
8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development
...
TLS 1.3: One flush output
2022-03-21 08:44:04 +01:00
Neil Armstrong
62e6ea2c22
Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:39:49 +01:00
Neil Armstrong
17a0655c8d
Add documentation to find_ecdsa_private_key()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:27:38 +01:00
Neil Armstrong
05132ed490
md_alg is used in ecdsa_sign_wrap(), cleanup code
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:14:57 +01:00
Neil Armstrong
cb753a6945
Use mbedtls_eckey_info directly in ecdsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:14:48 +01:00
Przemek Stekiel
711d0f5e29
Add implemetation of ECP keypair export function
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-18 13:52:26 +01:00
Manuel Pégourié-Gonnard
e5b53193e0
Merge pull request #5636 from mprse/tls_ecdh_2b
...
TLS ECDH 2b: client-side static ECDH (1.2)
2022-03-18 11:36:53 +01:00
Neil Armstrong
29c0c040fc
Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform()
...
This requires moving the HMAC init after CIPHER init.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:10:09 +01:00
Neil Armstrong
9ebb9ff60c
Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:58 +01:00
Neil Armstrong
72c2f76c43
Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:36 +01:00
Neil Armstrong
36cc13b340
Use PSA defines for buffers in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:20 +01:00
Neil Armstrong
ae57cfd3e7
Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 10:00:10 +01:00
Neil Armstrong
28d9c631b8
Fix comments in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 10:00:10 +01:00
Ron Eldor
183264cb95
Fix shared library link error with cmake on Windows
...
Set the library path as the current binary dir
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-17 12:07:50 +00:00
Manuel Pégourié-Gonnard
8d4bc5eeb9
Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac
...
HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC
2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard
15c0e39fff
Merge pull request #5519 from superna9999/5150-pk-rsa-decryption
...
PK: RSA decryption
2022-03-17 11:02:13 +01:00
Manuel Pégourié-Gonnard
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection
...
TLS Cipher 2a: tickets: use PSA for protection
2022-03-17 09:50:09 +01:00
Manuel Pégourié-Gonnard
560ef5975c
Merge pull request #5613 from mprse/tls_ecdh_2a
...
TLS ECDH 2a: server-side ECDHE-ECDSA and ECDHE-RSA (1.2)
2022-03-17 09:29:41 +01:00
Przemek Stekiel
068a6b4013
ssl_check_server_ecdh_params():Adapt build flags
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-17 07:54:09 +01:00
Neil Armstrong
da1d80db19
Use mbedtls_rsa_info directly in rsa_encrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:36:32 +01:00
Neil Armstrong
7b1dc85919
Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:36:06 +01:00
Neil Armstrong
6b03a3de5c
Use mbedtls_rsa_info directly in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:31:07 +01:00
Neil Armstrong
8e80504b46
Simplify padding check and get rid of psa_sig_md in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:30:31 +01:00
Gabor Mezei
103e08aab9
Fix return value handling
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 13:45:41 +01:00
Przemek Stekiel
561a42392a
ssl_parse_signature_algorithm(): refactor PSA CRYPTO code
...
- use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary().
- add check for ECDH curve type in server's certificate
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 13:16:24 +01:00
Gabor Mezei
5b8b890a61
Check PSA functions' return value before converting
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 12:56:58 +01:00
Gabor Mezei
36c9f51ef2
Use size_t instead of int to silence compiler warnings
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 12:55:32 +01:00