yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20935 commits 1 branch 0 tags 94 MiB
Commit graph

9279 commits

Author SHA1 Message Date
Dave Rodgman
5e03d9e601
Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support 
Allow building as a subdir
 2022-06-06 14:11:06 +01:00
Przemek Stekiel
b57a44bf9b is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:43 +02:00
Przemek Stekiel
cde3f783f5 Make info valid only after secret for HKDF-EXPAND + adapt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:02 +02:00
Przemek Stekiel
0586f4c4ea Make salt mandatory for HKDF-EXTRACT + adapt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:25:43 +02:00
Przemek Stekiel
3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel
a29b488296 Optimize code by adding PSA_ALG_IS_ANY_HKDF macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:09 +02:00
XiaokangQian
129aeb9b0e Update test cases and support sni ca override 
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-02 09:29:18 +00:00
Przemek Stekiel
459ee35062 Fix typo and style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-02 11:16:52 +02:00
Werner Lewis
acd01e58a3 Use ASN1 UTC tags for dates before 2000 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-01 16:24:28 +01:00
Gilles Peskine
8399cccd2e
Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access 
Fix uninitialised memory access in constant time functions
 2022-06-01 11:42:51 +02:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa 
Deprecate mbedtls_cipher_setup_psa()
 2022-05-31 10:56:52 +02:00
Jerry Yu
0a92d6c8eb fix move state to handshake over fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Kazuyuki Kimura
b88dbdded6 fix issue #2020 
Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined.

Signed-off-by: Kazuyuki Kimura <kim@wing.ocn.ne.jp>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-30 17:55:07 +01:00
Dave Rodgman
a3344f7bac
Merge pull request #5767 from leorosen/avoid-null-args 
Avoid potentially passing NULL arguments
 2022-05-30 11:40:21 +01:00
XiaokangQian
0557c94fef Add back SNI related code to validate_certificate 
Change-Id: I75883858016d4163cd7c64c3418eb3ca24fa46ea
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:10:53 +00:00
XiaokangQian
f2a942073e Fix SNI test failure 
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian
9b2b7716b0 Change mbedtls_ssl_parse_server_name_ext base on comments 
Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian
40a3523eb7 Add support of server name extension to server side 
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian
e7a5da597f Remove SNI related code 
Change-Id: Ic44bdb27b1bdc5c9057078dfed936fc36bddebbe
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 00:59:29 +00:00
XiaokangQian
aca9048b5f Change base on review 
Fix comments
Add test cases for client authentication with empty certificate

Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian
989f06d52d Change some comments base on review 
Change-Id: I3db2b8ca8162eb368d2f17dfeffee8b25f9edf6f
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian
63e713e8ab Fix comments 
Change-Id: Ib741f876f4d296df79565a2b8a2971918db1a77f
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian
c3017f620f Remove useless guards and refine checking 
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:10 +00:00
XiaokangQian
189ded2b07 Remove coordinate functions and change state machine in server side 
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:46:13 +00:00
XiaokangQian
6b916b1616 Add client certificate parse and certificate verify 
Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:40:53 +00:00
Dave Rodgman
a636d1f192
Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc 
Enable static linking of the common runtime in MSVC
 2022-05-25 14:47:58 +01:00
Dave Rodgman
32c995afa3
Merge pull request #5724 from Biswa96/cmake-mingw 
cmake: Fix runtime library install location in mingw
 2022-05-25 13:34:43 +01:00
Paul Elliott
8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup 
TLS 1.3: Add Finished Message and wrapup
 2022-05-25 12:02:06 +01:00
pespacek
3493587e05 FEATURE: mbedtls_md() in ssl_tls13_write_certificate_verify_body() 
replaced withpsa_hash_compute()
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-05-23 13:10:48 +02:00
pespacek
a1378105cf FEATURE: use psa_hash_xxx rather than mbedtls_md_xxx for TLS 1.3. 
ssl_tls13_parse_certificate_verify()
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-05-23 13:10:47 +02:00
Manuel Pégourié-Gonnard
69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa 
Permissions 1: create `mbedtls_pk_can_do_ext()`
 2022-05-23 10:58:32 +02:00
Robert Shade
591e729b54 Allow building as a subdir 
Fixes #5688

Signed-off-by: Robert Shade <robert.shade@gmail.com>
 2022-05-21 12:55:12 -04:00
Neil Armstrong
81d391f773 Check when usage == 0 in mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 09:26:16 +02:00
Neil Armstrong
b80785f1a4 Comment typo fix in mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 09:25:55 +02:00
Gilles Peskine
e4d3a6a4e8
Merge pull request #5804 from superna9999/5797-remove-cipher-deps-tls 
Remove Cipher dependencies in TLS
 2022-05-19 21:02:12 +02:00
Paul Elliott
5260ce27ed Fix uninitialised memory access in constant time functions 
Fix an issue reported by Coverity whereby some constant time functions
called from the ssl decrypt code could potentially access uninitialised
memory.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-05-19 18:23:24 +01:00
Dave Rodgman
afe149d76e
Merge pull request #5846 from bootstrap-prime/development 
Fix typos in documentation and constants with typo finding tool
 2022-05-19 16:53:32 +01:00
Paul Elliott
4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small 
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
 2022-05-19 16:06:02 +01:00
Neil Armstrong
084338d336 Change mbedtls_pk_can_do_ext() usage test logic for opaque keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-19 16:22:40 +02:00
Przemek Stekiel
03d948c47f Refacor code for HKDF-Extract algorithm 
Solution provided by @mpg.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-19 11:45:20 +02:00
Przemek Stekiel
2fb0dcd403 psa_hkdf_input: use more suitable condition and add comments 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-19 10:34:37 +02:00
Jerry Yu
e3d67cb263 Improve readability 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 15:33:10 +08:00
Jerry Yu
fd5ea0458f add compute application transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 14:29:48 +08:00
Jerry Yu
545432310d remove zeorize from keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 11:23:25 +08:00
Jerry Yu
cc0a13fcf8 remove unnecessary empty line 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 10:14:24 +08:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool 
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
 2022-05-18 14:15:33 -04:00
Przemek Stekiel
b398d8693f Update descryption of HKDF-Extract/Expand algs and fix comment 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-18 15:43:54 +02:00
Neil Armstrong
8395d7a37d Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:24:34 +02:00
Neil Armstrong
0fa8ce3498 TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
b818e16b29 Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
e3b0b8ab67 Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
93617245c3 Code style fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
689557ca12 Make CIPHER_C guard code as alternate of USE_PSA_CRYPTO in mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
4f4f271850 In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
a8093f5c48 In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
801abb69a5 Provide a PSA definition of mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() when MBEDTLS_USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Jerry Yu
bb2d47d956 Remove not used state 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 16:57:45 +08:00
Jerry Yu
e8c1fca67c move trafic set to generic 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 16:57:45 +08:00
Jerry Yu
d6e253ded9 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 16:57:45 +08:00
Jerry Yu
4d8567fa9e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu
03ed50ba6a Add handshake wrapup 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu
ff2269889d Add client finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu
27bdc7c6b6 Implement write server finish 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu
69dd8d4091 tls13:finished:add dummy frame work 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Ronald Cron
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext 
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
 2022-05-17 17:01:55 +02:00
Paul Elliott
a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify 
TLS1.3:Add Certificate and CertificateVerify message on Server Side
 2022-05-17 15:47:36 +01:00
Paul Elliott
114203814a Better check for NULL pointer 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-05-17 15:01:20 +01:00
Neil Armstrong
bbb8b75f20 Fixup comment of mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:58:27 +02:00
Neil Armstrong
408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:23:20 +02:00
Neil Armstrong
dab56ba2bd Fix typo in mbedtls_pk_can_do_ext() code documentation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 11:56:55 +02:00
Gilles Peskine
3e56130fb9 psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted 
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.

The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.

Fixes #5735.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:37:54 +02:00
Dave Rodgman
2a045325f9
Merge pull request #5766 from leorosen/fix-var-init 
Add missing local variable initialization
 2022-05-16 14:47:00 +01:00
Gilles Peskine
9b7e29663f
Merge pull request #4211 from ccawley2011/mingw 
Fix compilation with MinGW32
 2022-05-16 12:30:37 +02:00
Leonid Rozenboim
a3008e7e2e Add missing local variable initialization 
These issues were flagged by Coverity as instances where a local
variable may be used prior to being initialized. Please note that
none of these changes fixes any particular bug, this is just an attempt
to add more robustness.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-05-13 18:08:11 +01:00
Paul Elliott
dd428d3650 Fix incorrect error message 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-05-13 17:43:16 +01:00
Gabor Mezei
696956da24
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-13 17:02:19 +02:00
Gabor Mezei
0a4298bbe9
Remove unnecessary duble conversion 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-13 17:02:18 +02:00
Jerry Yu
b89125b81a Add test without server certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-13 15:50:04 +08:00
Jerry Yu
23d1a256ec fix hrr handler undefine fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 20:11:16 +08:00
Neil Armstrong
a88b15897d Add implementation of mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-12 11:53:02 +02:00
Dave Rodgman
8b65420f42 Add comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-12 09:45:03 +01:00
Jerry Yu
5a26f3000d Refactor cert exchange states 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:59 +08:00
Jerry Yu
f1c3c4e77c fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:59 +08:00
Jerry Yu
c6e6dbf2e7 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:59 +08:00
Jerry Yu
4ff9e14356 Add server certificate verfiy 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:14 +08:00
Jerry Yu
1bff711a36 tls13:server:add server certificate writing 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:14 +08:00
Jerry Yu
83da34eb59 tls13:server:add dummy write certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:14 +08:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Gabor Mezei
86acf05b1e
Update signiture algorithm handling 
Rename local variables and to simplify things use static_assert to
determine if the default signiture algorithms are not fit into the
SSL handshake structure.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:19 +02:00
Gabor Mezei
53a3b14823
Update documntation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:19 +02:00
Gabor Mezei
c1051b62aa
Remove MBEDTLS_SSL_SIG_ALG_SET macro 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:19 +02:00
Gabor Mezei
3631cf693a
Rename signiture algorithm macros to better suite with TLS 1.2 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:19 +02:00
Gabor Mezei
24c7c2be08
Unify MBEDTLS_TLS_SIG_NONE macro definition for TLS 1.2 and 1.3 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei
a3d016ce41
Rename and rewrite mbedtls_ssl_sig_hash_set_find function 
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei
1226590c88
Explicitly set invalid value for the end of the signiture algorithm set 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei
15b95a6c52
Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3 
Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm.
It is intended to use in common code of TLS 1.2 and 1.3.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei
1a3be088bf
Reorder defines to use previous definitions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei
078e803d2c
Unify parsing of the signature algorithms extension 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:08 +02:00
Przemek Stekiel
17520fe2c5 PSA: Add support for HKDF-Extend and HKDF-Expand algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:17:03 +02:00
Manuel Pégourié-Gonnard
5479f5321a
Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk 
RSA decrypt 1a: PK
 2022-05-11 11:01:01 +02:00
Paul Elliott
d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request 
TLS1.3: Add  HelloRetryRequest Write
 2022-05-10 17:25:33 +01:00
Dave Rodgman
4bfb007dcb Handle platform differences in gmtime_s 
MSVC and C11 specify different arguments and return value
meaning for gmtime_s.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-10 13:46:09 +01:00
Dave Rodgman
ad8dc480d4 Remove redundant comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-10 13:46:09 +01:00
Cameron Cawley
ea5496ceb3 Fix compilation with MinGW32 
Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>
 2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3 
Fix undeclared dependencies: MD
 2022-05-10 10:41:32 +02:00
Jerry Yu
f41553b662 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 22:20:30 +08:00
Manuel Pégourié-Gonnard
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks 
Unify non-opaque and opaque PSKs
 2022-05-09 10:15:16 +02:00
Jerry Yu
ead5cce22c improve readability 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:58:50 +08:00
Jerry Yu
4ca9140d43 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:55:39 +08:00
Jerry Yu
66d9e6f405 refactor next state of client hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:11 +08:00
Jerry Yu
4833056833 fix ci test fails 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:11 +08:00
Jerry Yu
7f157eb31f Change alert message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:11 +08:00
Jerry Yu
b8ac19a296 send alert when second hrr needed 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:09 +08:00
Jerry Yu
6a2cd9ebf5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:08 +08:00
Jerry Yu
b0ac10b4a8 Refactor hrr key_share 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:06 +08:00
Jerry Yu
49ca92892d refactor HRR routine 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:05 +08:00
Jerry Yu
086edc2807 refactor parse key_share ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:04 +08:00
Jerry Yu
fbe3e64b76 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:03 +08:00
Jerry Yu
c1be19f226 misc:minor improvement 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:01 +08:00
Jerry Yu
23f7a6fc5c share write_body between HRR and ServerHello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:01 +08:00
Jerry Yu
582dd069b7 Add HRR handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:01 +08:00
Jerry Yu
fe24d1c9f5 add named group debug helper 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:00 +08:00
Jerry Yu
93a13f2c38 Share magic word of HRR 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:48:59 +08:00
Jerry Yu
67a2c37039 tls13:hrr:add empty frame work 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:48:59 +08:00
XiaokangQian
aad9b0a286 Update code base on comments 
Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-09 01:11:21 +00:00
XiaokangQian
a987e1d2f8 Change state machine after encrypted extension and update cases 
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
ec6efb98bc Change variable name to output_len 
Change-Id: I0f8a40da9782b2ec7af7e6f1faf1ac5c7e589418
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
cec9ae6259 Change the code places of CERTIFICATE_REQUEST 
Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
45c22201b3 Update test cases and encrypted extension state set 
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
2f150e184f Update status and add test cases for client certificate request 
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
1f1f1e3372 Temp change to align with client/server hello style 
Change-Id: I8befbbcb5d6f7fdb230022825dcb856e19d9bec0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
9dc4450647 Fix commets issue about coding styles 
Change-Id: I930a062e137562e0b129b9b9b191e5c864f8104d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
eaf3651e31 Rebase and solve conflicts 
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext

Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
Xiaofei Bai
5ee73d84a9 Address review comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-05-07 01:37:04 +00:00
Xiaofei Bai
9ca09d497f Add writing CertificateRequest msg on server side 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-05-07 01:37:04 +00:00
Pol Henarejos
b101cb6111
Since the group is unloaded for all curves, it is better to initialize the group also for all curves. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-06 18:43:58 +02:00
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext 
TLS1.3: add writing encrypted extensions on server side.
 2022-05-06 13:54:45 +02:00
Przemek Stekiel
c1e41bb2b5 rsa.c: remove redundant include of md.h 
rsa.c includes rsa.h that includes md.h

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 11:42:18 +02:00
Przemek Stekiel
ef1fb4a3d3 Deprecate mbedtls_cipher_setup_psa() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 10:55:10 +02:00
Jerry Yu
ef2b98a246 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 16:40:05 +08:00
Jerry Yu
f86eb75c58 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 11:16:55 +08:00
Pol Henarejos
aa68d36234
Fix order value for curve x448. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 19:22:29 +02:00
Neil Armstrong
8ecd66884f Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-05 14:01:49 +02:00
Jerry Yu
e110d258d9 Add set outbound transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-05 19:59:59 +08:00
Werner Lewis
e59a531455 Fix memcpy() UB in mbedtls_asn1_named_data() 
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-05-04 11:45:06 +01:00
Neil Armstrong
80f6f32495 Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
044a32c4c6 Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
61f237afb7 Remove PSA-only code dealing with non-opaque PSA key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
501c93220d Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
b743d95051 Do not erase input key in psa_tls12_prf_psk_to_ms_set_key() 
When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct
but the following derivations output data is incorrect.

This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key()
since commit 03faf5d2c1.

Fixes: 03faf5d2c1 ("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:06:22 +02:00
Neil Armstrong
30beca35f1 Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
Then mbedtls_pk_error_from_psa_rsa() also needs to be guarded with
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR to be used by pk_opaque_rsa_decrypt()

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:02:37 +02:00
Jerry Yu
9da5e5a2f2 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 15:46:09 +08:00
Jerry Yu
de66d12afc remove out couter reset 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 12:15:19 +08:00
Jerry Yu
39730a70cd remove variable initial 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 12:14:04 +08:00
Jerry Yu
8937eb491a fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 12:12:14 +08:00
Neil Armstrong
6c26adc900 Do not make pk_opaque_rsa_decrypt() depend on MBEDTLS_RSA_C 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-02 14:43:04 +02:00
Neil Armstrong
1082818003 Implement PK Opaque RSA decrypt 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque 
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
 2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx 
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
 2022-04-29 10:47:16 +02:00
Przemek Stekiel
169bf0b8b0 Fix comments (#endif flags) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-29 07:53:29 +02:00
Neil Armstrong
a1fc18fa55 Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-28 13:27:59 +02:00
Gilles Peskine
8855e36030
Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup 
Cipher cleanup: abstract TLS mode
 2022-04-28 12:33:38 +02:00
Przemek Stekiel
8a4b7fd7c3 Optimize code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-28 10:21:03 +02:00
Jerry Yu
ab452cc257 fix name issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-28 15:27:08 +08:00
Przemek Stekiel
8abcee9290 Fix typos 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-28 09:16:28 +02:00
Neil Armstrong
2230e6c06d Simplify PSA transform->ivlen set in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-27 10:36:14 +02:00
Neil Armstrong
3bf040ed70 Reorganize PSA/!PSA code in mbedtls_ssl_ticket_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-27 10:35:28 +02:00
Gilles Peskine
301711e96e Simplify mbedtls_ssl_get_base_mode 
Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and
non-USE_PSA_CRYPTO definitions independent.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-27 10:28:55 +02:00
Gilles Peskine
e108d987ea Simplify mbedtls_ssl_get_mode 
Reduce the imbrications between preprocessor directives and C instructions.
Handle encrypt-then-mac separately.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-27 10:28:55 +02:00
Jerry Yu
4d3841a4d1 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-25 19:41:47 +08:00
Xiaofei Bai
cba64af50d TLS1.3: add writing encrypted extensions 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-04-25 19:41:47 +08:00
Ronald Cron
eecd0d2fc3
Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello 2022-04-25 09:28:40 +02:00
Jerry Yu
e65d801580 fix undeclare error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-23 10:34:35 +08:00
Biswapriyo Nath
d7e0ee42b8 cmake: Fix runtime library install location in mingw 
This install DLLs in bin directory instead of lib.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:50 +05:30
Biswapriyo Nath
0f2e87bdf5 cmake: Use GnuInstallDirs to customize install directories 
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:28 +05:30
Gilles Peskine
2f8c2a5fc5
Merge pull request #5753 from tom-cosgrove-arm/fix-missing-prototypes-warnings-a64-sha256-sha512 
Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration
 2022-04-22 16:45:23 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap 
Improve benchmarking of ECC heap usage
 2022-04-22 16:43:11 +02:00
Jerry Yu
955ddd75a3 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 22:27:33 +08:00
Przemek Stekiel
99114f3084 Fix build flags for opaque/raw psk checks 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:34 +02:00
Przemek Stekiel
cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877 Enable support for psa opaque ECDHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:53:55 +02:00
Przemek Stekiel
19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
51a1f36be0 setup_psa_key_derivation(): change salt parameter to other_secret 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
f2534ba69b tls12_client: skip PMS generation for opaque RSA-PSK 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
c2033409e3 Add support for psa rsa-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
ae4ed30435 Fix naming: random bytes are the seed (not salt) in derivation process 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
1f02703e53 setup_psa_key_derivation(): add optional salt parameter 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard
55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context 
TLS ECDH 4: remove legacy context
 2022-04-22 14:27:06 +02:00
Neil Armstrong
76b7407bd7 Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
f2c82f0a3b Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
ccc074e44d Use correct condition to use encrypt_then_mac in ssl_tls.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
d1be7674a4 Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
6b27c97a91 Rename mbedtls_get_mode() to mbedtls_ssl_get_mode() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
ab555e0a6c Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
858581e81a Remove cipher_info in mbedtls_ssl_ticket_setup() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
a0eeb7f470 Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
7fea33ea4d Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
fe635e42c9 Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
4bf4c8675f Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
136f8409df Replace PSA/Cipher logic with mbedtls_get_mode_from_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:26 +02:00
Neil Armstrong
8a0f3e8cf0 Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:26 +02:00
Jerry Yu
a09f5e98ef fix build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:46:03 +08:00
Jerry Yu
cfc04b3541 Update comments in write server hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
e74e04af1a Rename write supported_versions ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
d9436a1baa remove guards for write_key_share 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
57d4841eda fix write key_share issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
637a3f1090 fix various issues 
typo issue, variable `ret` init value
and remove finalize_server_hello

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
1c3e688df1 fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
349a61388b fix write selected_version fail 
And rename write_supported_versions to
write selected_version

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
fb9f54db8c fix comments issue 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
89e103c54c tls13: Share write ecdh_key_exchange function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
3bf2c6449d tls13: write server hello compile pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
56404d70c4 tls13:server:Add finalize write_server_hello and dummy body 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
f4b27e4351 tls13:server:Add prepare write_server_hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
5b64ae9bad tls13:server:Add base framework for serverhello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
XiaokangQian
e8ff350698 Update code to align with tls13 coding standard 
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-22 02:34:40 +00:00
Leonid Rozenboim
287527042b Avoid potentially passing NULL arguments 
Several call sites flagged by Coverity that may potentially cause
a pointer argument to be NULL.

In two cases the issue is using a function call as a parameter to
a second function, where the first function may return NULL, while
the second function does not check for the NULL argument value.

Remaining case is when static configuration is mixed with run-time
decision, that could result in a data buffer argument being NULL.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-04-21 18:00:52 -07:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2 
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
 2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign 
RSA-PSS sign 1: PK
 2022-04-21 17:11:18 +02:00
XiaokangQian
4d3a60475c Change default config version to development style 
Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 13:46:17 +00:00
XiaokangQian
4e8cd7b903 Remove useless selected_group 
Change-Id: I5fb76b5bf4b22d0231c17314783781f9e7c309a3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 13:30:18 +00:00
Neil Armstrong
13e76be02b Reorganize & simplify mbedtls_pk_sign_ext() handling of wrapped RSA-PSS 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-21 12:08:52 +02:00
Przemek Stekiel
4e47a91d2e Fix indentation issues 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
03faf5d2c1 psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
937b90febf Add null check for pms allocation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
e47201b34a rename: psa_tls12_prf_set_other_key->psa_tls12_prf_psk_to_ms_set_other_key and adapt code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
2503f7e4cb Handle empty other secret when passed with input bytes 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
XiaokangQian
060d867598 Update parse_key_share in server side and version config 
Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 09:24:56 +00:00
XiaokangQian
0a1b54ed73 Minor change the place of some functions 
Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 03:01:38 +00:00
XiaokangQian
75d40ef8cb Refine code base on review 
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side

Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 11:05:24 +00:00
XiaokangQian
318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
XiaokangQian
de33391fa0 Rebase and solve conflicts 
Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 08:49:42 +00:00
XiaokangQian
0803755347 Update code base on review comments 
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes

Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:50:14 +00:00
XiaokangQian
17f974c63e Re-order the ciphersuite matching code in parse_client_hello 
Change-Id: I16d11bca42993d4abc2a1b19fa087366c591927c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
84823779ce Only store the first group in ssl_tls13_parse_supported_groups_ext() 
Change-Id: I4427149aeb6eb453150e522e4c7b11187e2e3825
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
3f84d5d0cd Update test cases and fix the test failure 
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
b67384d05c Fix coding style and comments styles 
Change-Id: Ifa37a3288fbb6b5206fc0640fa11fa36cb3189ff
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
f8ceb94fe7 Fix the parse_sig_alg_ext fail issue 
Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
8f9dfe41c0 Fix comments about coding styles and test cases 
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8 Fix comments and remove hrr related code 
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023 Update based on comments 
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
4080a7f687 Change code style and some share functions 
Change variables and functions name style
Refine supported_version
Refine client hello parse

Change-Id: Iabc1db51e791588f999c60db464326e2bdf7b2c4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
9b5d04b078 Share parse_key_share() between client and server 
Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38 Rebase and solve conflicts and issues 
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
8840888fbc Fix some CI issues 
Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
c5763b5efd Change some code style 
Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
3207a32b1e Fix unused parameter issue and not defined cookie issue 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
7ac3ab3404 Add hello retry request count for server 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
a9c58419f2 Fix compile and test issues 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
7807f9f5c9 Add client hello into server side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
Ronald Cron
fd8cbda3ec Remove ECDH code specific to TLS 1.3 
ECDH operations in TLS 1.3 are now done through PSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:31:24 +02:00
Ronald Cron
fd6193c285 ssl_tls13_client: Add downgrade attack protection 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:31:24 +02:00
Ronald Cron
217d699d85 Fix Doxygen marks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:28:51 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers 
Unify internal/external TLS protocol version enums
 2022-04-19 17:05:26 +01:00
Tom Cosgrove
c144ca6473 Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration 
Fixes #5752

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-04-19 13:52:24 +01:00
Hanno Becker
606cb1626f Add comment explaining structure of UMAAL assembly 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:59:33 +01:00
Hanno Becker
d46d96cc3f Add 2-fold unrolled assembly for umaal based multiplication 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:19:55 +01:00
Hanno Becker
63eb28c728 Use separate counters for 8-fold and single multiplication steps 
Compilers are likely to generate shorter assembly for loops of the
form `while( cnt-- ) { ... }` rather than
`for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs
a subtract+compare+branch after each loop, while the former only
needs decrement+branch).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:16:03 +01:00
Hanno Becker
eacf3b9eb4 Simplify organization of inline assembly for bignum 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:16:03 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail 
PSA: systematically test operation failure
 2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard
63ed7cbf36
Merge pull request #5701 from hanno-arm/mpi_mul_hlp 
Make size of output in mpi_mul_hlp() explicit
 2022-04-15 10:09:06 +02:00
Glenn Strauss
8315811ea7 Remove restrictive proto ver negotiation checks 
Overly restrictive protocol version negotiation checks might be
"version intolerant".  TLS 1.3 and DTLS 1.3 move the version to
the "supported_versions" ClientHello extension.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
bbdc83b55b Use mbedtls_ssl_protocol_version in public structs 
Use mbedtls_ssl_protocol_version in public structs, even when doing
so results in a binary-incompatible change to the public structure

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
cd78df6aa4 handshake->min_minor_ver to ->min_tls_version 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
041a37635b Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks 
mbedtls no longer supports earlier TLS protocol versions

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version 
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version 
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:23:57 -04:00
Glenn Strauss
07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version 
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:23:54 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 13:45:20 -04:00
Hanno Becker
3577131bb4 Reintroduce trimming of input in mbedtls_mpi_mul_int() 
Removing the trimming has significant memory impact. While it is clearly what
we want to do eventually for constant-time'ness, it should be fixed alongside
a strategy to contain the ramifications on memory usage.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-14 11:52:11 +01:00
Neil Armstrong
769dc05597 Remove bad dependency on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED for ecdh_ctx guard 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-14 09:56:24 +02:00
Neil Armstrong
282750215c Remove PSA only code from non-PSA code block code in ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 15:05:11 +02:00
Neil Armstrong
11d4945248 Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 15:03:43 +02:00
Neil Armstrong
1f198d8dee Simplify by moving ssl_check_server_ecdh_params in the ECDHE non-PSA compile-time block 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 15:02:30 +02:00
Neil Armstrong
913b364a52 Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 14:59:48 +02:00
Manuel Pégourié-Gonnard
6c242a01f7
Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics 
PK Opaque RSA sign
 2022-04-13 09:55:42 +02:00
Hanno Becker
0dbf04a9a6 Remove unnecessary memory operations in p25519 quasireduction 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-13 07:26:53 +01:00
Hanno Becker
1772e05fca Reduce the scope of local variable in mbedtls_mpi_mul_mpi() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-13 07:26:53 +01:00
Hanno Becker
da763de7d0 Revert "Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()" 
This reverts commit 808e666eee.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-13 07:26:42 +01:00
Hanno Becker
127fcabb21 Fail gracefully upon unexpectedly large input to p25519 reduction 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 22:18:36 +01:00
Neil Armstrong
62d452baac Implement PK Opaque RSA PSS signature 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 15:11:49 +02:00
Neil Armstrong
f3f46416e3 Remove ecdh_ctx variable, init & free when USE_PSA_CRYPTO isn't selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:43:39 +02:00
Neil Armstrong
3ea01498d8 Store TLS1.2 ECDH point format only when USE_PSA_CRYPTO isn't selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:41:50 +02:00
Neil Armstrong
a33a255dcf Disable non-PSA ECDHE code in mbedtls_ssl_psk_derive_premaster() when USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:40:47 +02:00
Neil Armstrong
d8419ff390 Refactor to make PSA and non-PSA ECDH(E) client code exclusive 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:39:16 +02:00
Neil Armstrong
d91526c17f Refactor to make PSA and non-PSA ECDH(E) server code exclusive 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 14:38:52 +02:00
Manuel Pégourié-Gonnard
927410ded3
Merge pull request #5611 from superna9999/5318-tls-ecdhe-psk 
TLS ECDH 3a: ECDHE-PSK (both sides, 1.2)
 2022-04-12 13:28:02 +02:00
Hanno Becker
bb04cb992f Fix check in p25519 quasi-reduction 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:18:11 +01:00
Hanno Becker
d830feb256 Simplify check in p25519 quasi-reduction 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:10:19 +01:00
Hanno Becker
2ef0cff6c3 Fix size check in p25519 modular reduction 
The check was meant to precisely catch an underflow.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:02:05 +01:00
Hanno Becker
0235f7512f Reduce scope of local variables in mpi_montmul() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:02:03 +01:00
Hanno Becker
9137b9c587 Note alternative implementation strategy in mbedtls_mpi_mul_int() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:01:58 +01:00
Hanno Becker
808e666eee Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-12 11:01:57 +01:00
Przemek Stekiel
d7a28646bc psa_tls12_prf_set_key(): add PSA_TLS12_PRF_STATE_OTHER_KEY_SET as a valid state 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-12 11:27:00 +02:00
Przemek Stekiel
a7695a2d76 psa_key_derivation_check_input_type(): handle PSA_KEY_DERIVATION_INPUT_OTHER_SECRET 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-12 11:27:00 +02:00
Przemek Stekiel
c8fa5a1bdd psa_tls12_prf_psk_to_ms_set_key(): add support for other secret input 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-12 11:26:47 +02:00
Gilles Peskine
43b0943736
Merge pull request #1946 from hanno-arm/alert_reentrant 
Make mbedtls_ssl_send_alert_message() reentrant
 2022-04-12 11:05:20 +02:00
Neil Armstrong
7624a5ae5e Allow RSA PK Opaque keys for RSA-PSS signing 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-12 10:09:26 +02:00
Hanno Becker
53b3c607a0 Move const keyword prior to type name 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 13:46:30 +01:00
Hanno Becker
dfcb2d084b Fix Doxygen for mbedtls_mpi_core_mla() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 13:44:15 +01:00
Hanno Becker
99ba4cc6d5 Remove Doxygen from mbedtls_mpi_core_mla() implementation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 13:44:03 +01:00
Hanno Becker
efdc519864 Reintroduce though-to-be unused variable in correct place 
The variable is a local variable for the i386 bignum assembly only;
introduce it as part of the start/finish macros.

It can be noted that the variable is initialize to 0 within MULADDC_INIT,
so there are no data dependencies across blocks of MULADDC_INIT/CORE/STOP.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 10:44:02 +01:00
Hanno Becker
5d4ceeb25c Remove const qualifier for mutable local variable in mpi_mul_hlp() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 09:46:47 +01:00
Hanno Becker
284d778d28 Address review comments 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 09:19:24 +01:00
Hanno Becker
e9dd9a1f31 Use size_t for number of limbs 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 09:06:27 +01:00
Manuel Pégourié-Gonnard
eaf3086831
Merge pull request #1133 from RonEld/1805 
Fix Shared Library compilation issue with Cmake
 2022-04-11 09:31:59 +02:00
Hanno Becker
6454993e2e Safeguard against calling p255 reduction with single-width MPI 
(In this case, there's nothing to do anyway since we only do a
quasi-reduction to N+1 limbs)

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 07:35:58 +01:00
Hanno Becker
25bb732ea7 Simplify x25519 reduction using internal bignum MLA helper 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 07:03:48 +01:00
Hanno Becker
aef9cc4f96 Rename mpi_mul_hlp -> mbedtls_mpi_core_mla and expose internally 
This paves the way for the helper to be used from the ECP module

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-11 07:03:43 +01:00
Gilles Peskine
e1730e492d
Merge pull request #5708 from AndrzejKurek/timeless-struggles 
Remove the dependency on MBEDTLS_TIME_H from the timing module
 2022-04-08 18:43:16 +02:00
Krzysztof Stachowiak
de6effa645 Change the MSVC static runtime CMake option name and moved it into the library directory 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 15:17:32 +01:00
Neil Armstrong
95a892311d Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-08 15:13:51 +02:00
Neil Armstrong
7df6677c34 Remove now invalid comment in pk_opaque_ecdsa_can_do() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-08 15:13:06 +02:00
Neil Armstrong
56e71d4d1a Update documentation of mbedtls_pk_setup_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-08 15:12:42 +02:00
Neil Armstrong
eccf88fa48 Only accept RSA key pair in mbedtls_pk_setup_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-08 15:11:50 +02:00
Hanno Becker
5e18f74abb Make alert sending function re-entrant 
Fixes #1916

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:16:43 +01:00
Andrzej Kurek
5735369f4a Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C 
The timing module might include time.h on its own when on 
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. 


Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 04:41:42 -04:00
Glenn Strauss
236e17ec26 Introduce mbedtls_ssl_hs_cb_t typedef 
Inline func for mbedtls_ssl_conf_cert_cb()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-07 14:18:30 -04:00
Przemek Stekiel
e3ee221893 Free other secret in tls12_prf context 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-07 15:41:56 +02:00
Przemek Stekiel
23650286ac Add psa_tls12_prf_set_other_key() function to store other secret input 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-07 15:41:46 +02:00
Neil Armstrong
c1152e4a0f Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
7e1b4a45fa Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
295aeb17e6 Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
b980c9b48c Add support for RSA in pk_opaque_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
ca5b55f0d1 Add support for RSA in mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong
eabbf9d907 Add support for RSA PK Opaque key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 14:51:47 +02:00
Andrzej Kurek
714b6603e4 Remove dummy timing implementation 
Having such implementation might cause issues for those that
expect to have a working implementation.
Having a compile-time error is better in such case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh 
TLS ECDH 3b: server-side static ECDH (1.2)
 2022-04-07 11:46:25 +02:00
Hanno Becker
e141702551 Adjust mpi_montmul() to new signature of mpi_mul_hlp() 
A previous commit has changed the signature of mpi_mul_hlp, making the length
of the output explicit. This commit adjusts mpi_montmul() accordingly.

It also fixes a comment on the required size of the temporary value
passed to mpi_montmul() (but does not change the call-sites).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:34 +01:00
Hanno Becker
74a11a31cb Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp() 
A previous commit has changed the signature of mpi_mul_hlp(), making
the length of the output explicit.

This commit adjusts mbedtls_mpi_mul_int() to this change.

Along the way, we make the code simpler and more secure by not calculating
the minimal limb-size of A. A previous comment indicated that this was
functionally necessary because of the implementation of mpi_mul_hlp() --
if it ever was, it isn't anymore.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:34 +01:00
Hanno Becker
fee261a505 Adjust mbedtls_mpi_mul_mpi() to new signature of mpi_mul_hlp() 
The previous commit has changed the signature of mpi_mul_hlp(),
making the length of the output explicit.

This commit adjusts the call-site in mbedtls_mpi_mul_mpi() to
this new signature.

A notable change to the multiplication strategy had to be made:
mbedtls_mpi_mul_mpi() performs a simple row-wise schoolbook
multiplication, which however was so far computed iterating
rows from top to bottom. This leads to the undesirable consequence
that as lower rows are calculated and added to the temporary
result, carry chains can grow. It is simpler and faster to
iterate from bottom to top instead, as it is guaranteed that
there will be no carry when adding the next row to the previous
temporary result: The length of the output in each iteration
can be fixed to len(B)+1.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:34 +01:00
Hanno Becker
defe56928e Make length of output explicit in mpi_mul_hlp() 
The helper `mpi_mul_hlp()` performs a multiply-accumulate
operation `d += s * b`, where `d,b` are MPIs and `b` is a scalar.

Previously, only the length of `s` was specified, while `d` was
assumed to be 0-terminated of unspecified length.

This was leveraged at the end of the core multiplication steps
computingg the first `limb(s)` limbs of `d + s*b`: Namely, the
routine would keep on adding the current carry to `d` until none
was left. This can, in theory, run for an arbitrarily long time
if `d` has a tail of `0xFF`s, and hence the assumption of
`0`-termination.

This solution is both fragile and insecure -- the latter because
the carry-loop depends on the result of the multiplication.

This commit changes the signature of `mpi_mul_hlp()` to receive
the length of the output buffer, which must be greater or equal
to the length of the input buffer.

It is _not_ assumed that the output buffer is strictly larger
than the input buffer -- instead, the routine will simply return
any carry that's left. This will be useful in some applications
of this function. It is the responsibility of the caller to either
size the output appropriately so that no carry will be left, or
to handle the carry.

NOTE: The commit leaves the library in a state where it cannot
      be compiled since the call-sites of mpi_mul_hlp() have
      not yet been adjusted. This will be done in the subsequent
      commits.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:29 +01:00
Hanno Becker
e7f14a3090 Remove unused variable in mpi_mul_hlp() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:11:26 +01:00
Gilles Peskine
a9b6c8074a Fix psa_mac_verify() returning BUFFER_TOO_SMALL 
It doesn't make sense for psa_mac_verify() to return
PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this
was happening when requesting the verification of an unsupported algorithm
whose output size is larger than the maximum supported MAC size, e.g.
HMAC-SHA-512 when building with only SHA-256 support. Arrange to return
PSA_ERROR_NOT_SUPPORTED instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:03:39 +02:00
Gilles Peskine
695c4cb7ea If a cipher algorithm is not supported, fail during setup 
In some cases, a cipher operation for an unsupported algorithm could succeed
in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually
fed. This is not a major bug, but it has several minor downsides: fail-late
is harder to diagnose for users than fail-early; some code size can be
gained; tests that expect failure for not-supported parameters would have to
be accommodated to also accept success.

This commit at least partially addresses the issue. The only completeness
goal in this commit is to pass our full CI, which discovered that disabling
only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping
the relevant key type) allowed cipher setup to succeed, which caused
failures in test_suite_psa_crypto_op_fail.generated in
component_test_psa_crypto_config_accel_xxx.

Changes in this commit:
* mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher
  algorithms. (No change related to key types.)
* Some code that is only relevant for ECB is no longer built if
  PSA_WANT_ALG_ECB_NO_PADDING is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:03:39 +02:00
Gilles Peskine
0c3a071300 Make psa_key_derivation_setup return early if the key agreement is not supported 
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:00:01 +02:00
Gilles Peskine
0cc417d34b Make psa_key_derivation_setup return early if the hash is not supported 
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 14:58:39 +02:00
Gilles Peskine
9efde4f2ec Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 14:57:20 +02:00
Przemek Stekiel
8583627ece psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-05 10:50:53 +02:00
Neil Armstrong
1039ba5c98 Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:33:01 +02:00
Neil Armstrong
ede381c808 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:33:01 +02:00
Neil Armstrong
3cae167e6a Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
e18ff952a7 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
b7ca76b652 Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
fdf20cb513 Fix command indentation in ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
2d63da9269 Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
d6e2759afb Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
fb0a81ece9 Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
5a1455d8d5 Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
3bcef08335 Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
549a3e4737 Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
fc834f2e2c Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
0bdb68a242 Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong
d8420cad31 Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong
c530aa6b4e Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong
b9f319aec1 Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:51 +02:00
Neil Armstrong
2540045542 Update comments in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong
bc5e8f9dd0 Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong
039db29c7d Implement PSA server-side ECDHE-PSK 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong
868af821c9 Implement PSA client-side ECDHE-PSK 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:06 +02:00
Przemek Stekiel
a9f9335ee9 ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check 
This check can be removed as if the buffer is too small for the key, then export will fail.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-04 17:32:30 +02:00
Neil Armstrong
e88d190f2e Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-04 11:27:57 +02:00
Neil Armstrong
f716a700a1 Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard
de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification 
PK: RSA verification
 2022-04-04 11:23:33 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 
TLS 1.2/1.3 version negotiation - 2
 2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors 
Accessors to own CID within mbedtls_ssl_context
 2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations 
HKDF 2: use internal implementations in TLS 1.3
 2022-04-01 11:15:29 +02:00
Manuel Pégourié-Gonnard
451114fe42
Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo 
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
 2022-04-01 10:04:56 +02:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-31 19:21:41 +01:00
Ronald Cron
11218dda96 ssl_client.c: Fix unused parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Ronald Cron
bdb4f58cea Add and update documentation of some minor version fields 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:24:59 +02:00
Ronald Cron
82c785fac3 Make handshake::min_minor_ver client only 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 15:44:41 +02:00
Neil Armstrong
91477a7964 Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:18 +02:00
Neil Armstrong
1335222f13 Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:18 +02:00
Neil Armstrong
f788253ed3 Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong
80325d00cf Allow ECDSA PK Opaque keys for ECDH Derivation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong
104a7c1d29 Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong
8113d25d1e Add ecdh_psa_shared_key flag to protect PSA privkey if imported 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong
5cd5f76d67 Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong
4f33fbc7e9 Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong
306d6074b3 Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong
062de7dd79 Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong
1f4b39621b Implement PSA server-side ECDH-RSA/ECDSA 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Ronald Cron
6476726ce4 Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 14:13:57 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1 
TLS 1.2/1.3 version negotiation - 1
 2022-03-31 11:47:16 +02:00
Ronald Cron
ba120bb228 ssl_tls13_client.c: Fix ciphersuite final validation 
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron
8fdad9e534 ssl_tls12_client.c: Remove duplicate of ciphersuite validation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron
757a2abfe2 ssl_client.c: Extend and export ciphersuite validation function 
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron
f735cf1f0f ssl_tls.c: Fix ciphersuite selection regarding protocol version 
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429 ssl_tls13_client.c: Add check in supported_versions parsing 
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:33:41 +02:00
Ronald Cron
1fa4f6863b ssl_tls.c: Return in error if default config fails 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:27:35 +02:00
Ronald Cron
a77fc2756e ssl_tls13_client.c: versions ext writing : Fix available space check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:27:35 +02:00
Ronald Cron
37bdaab64f tls: Simplify the logic of the config version check and test it 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:26:58 +02:00
Ronald Cron
3cffc5ccb1 tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 21:59:44 +02:00
Ronald Cron
150d579d7a ssl_client.c: Improve coding style 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 21:58:50 +02:00
Neil Armstrong
e451295179 Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:41:12 +02:00
Neil Armstrong
253e9e7e6d Use mbedtls_rsa_info directly in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
ea54dbe7c2 Fix comment typo in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
19e6bc4c9f Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
8a44bb47ac Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
82cf804e34 Fix 80 characters indentation in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
6baea78072 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
a33280af6c Check psa_destroy_key() return in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
059a80c212 Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
52f41f8228 PK: RSA verification PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Ronald Cron
da41b38c42 Improve and fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over 
Add mbedtls_ssl_is_handshake_over()
 2022-03-30 12:16:40 +02:00
Gabor Mezei
e42d8bf83b
Add macro guard for header file 
Some of the macros are used by the test data files and must be moved
before the macros guard.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard
abed05f335
Merge pull request #5652 from arturallmann/issue-commit 
Fix comment typo in threading.c
 2022-03-30 10:01:24 +02:00
Ronald Cron
8ecd9937a9 ssl_client.c: Fix state change for DTLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations 
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
e71639d39b Simplify TLS major version default value setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
dbe87f08ec Propose TLS 1.3 and TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
9f0fba374c Add logic to switch to TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399 Allow hybrid TLS 1.3 + TLS 1.2 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
fbd9f99f10 ssl_tls.c: Move some client specific functions to ssl_client.c 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
7320e6436b ssl_tls12_client.c: Switch to generic Client Hello state handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
5f4e91253f ssl_client.c: Add DTLS ClientHello message sending specifics 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
4079abc7d1 ssl_client.c: Adapt extensions writing to the TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
11e1857f5e ssl_client.c: Fix key share code guards 
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
df823bf39b ssl_client.c: Re-order partially extension writing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:57:54 +02:00
Ronald Cron
42c1cbf1de ssl_client.c: Adapt compression methods comment to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:56:58 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export 
Add ECP keypair export function
 2022-03-29 17:19:04 +01:00
Artur Allmann
3f396152b7 Fix typo "phtreads" to "pthreads" 
Closes issue #5349

Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>
 2022-03-29 17:43:56 +02:00
Ronald Cron
d491c2d779 ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron
a874aa818a ssl_client.c: Add DTLS 1.2 cookie support 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron
021b1785ef ssl_client.c: Adapt session id generation to the TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron
58b803818d ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:50 +02:00
Gabor Mezei
cb5ef6a532
Remove duplicated includes 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:10:01 +02:00
Gabor Mezei
55c49a3335
Use proper macro guard 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:09:15 +02:00
Gabor Mezei
29e7ca89d5
Fix typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:49 +02:00
Gabor Mezei
c09437526c
Remove commented out code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:15 +02:00
Ronald Cron
1614eb668c ssl_client.c: Adapt TLS version writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron
86a477f5ee ssl_client.c: Adapt initial version selection to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron
5456a7f89c ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron
71c2332860 ssl_client.c: Rename TLS 1.3 ClientHello writing functions 
Rename TLS 1.3 ClientHello writing functions
aiming to support TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron
3d580bf4bd Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
 2022-03-29 15:34:12 +01:00
Ronald Cron
8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
7ffe7ebe38 ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards 
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
04fbd2b2ff ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00