Commit graph

8804 commits

Author SHA1 Message Date
Gilles Peskine
e108d987ea Simplify mbedtls_ssl_get_mode
Reduce the imbrications between preprocessor directives and C instructions.
Handle encrypt-then-mac separately.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-27 10:28:55 +02:00
Jerry Yu
4d3841a4d1 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-25 19:41:47 +08:00
Xiaofei Bai
cba64af50d TLS1.3: add writing encrypted extensions
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-04-25 19:41:47 +08:00
Ronald Cron
eecd0d2fc3
Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello 2022-04-25 09:28:40 +02:00
Jerry Yu
e65d801580 fix undeclare error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-23 10:34:35 +08:00
Gilles Peskine
2f8c2a5fc5
Merge pull request #5753 from tom-cosgrove-arm/fix-missing-prototypes-warnings-a64-sha256-sha512
Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration
2022-04-22 16:45:23 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap
Improve benchmarking of ECC heap usage
2022-04-22 16:43:11 +02:00
Jerry Yu
955ddd75a3 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 22:27:33 +08:00
Przemek Stekiel
99114f3084 Fix build flags for opaque/raw psk checks
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:34 +02:00
Przemek Stekiel
cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877 Enable support for psa opaque ECDHE-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
51a1f36be0 setup_psa_key_derivation(): change salt parameter to other_secret
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
f2534ba69b tls12_client: skip PMS generation for opaque RSA-PSK
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Przemek Stekiel
c2033409e3 Add support for psa rsa-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Przemek Stekiel
ae4ed30435 Fix naming: random bytes are the seed (not salt) in derivation process
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Przemek Stekiel
1f02703e53 setup_psa_key_derivation(): add optional salt parameter
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard
55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context
TLS ECDH 4: remove legacy context
2022-04-22 14:27:06 +02:00
Neil Armstrong
76b7407bd7 Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
f2c82f0a3b Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
ccc074e44d Use correct condition to use encrypt_then_mac in ssl_tls.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
d1be7674a4 Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
6b27c97a91 Rename mbedtls_get_mode() to mbedtls_ssl_get_mode()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
ab555e0a6c Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
858581e81a Remove cipher_info in mbedtls_ssl_ticket_setup() when USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
a0eeb7f470 Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
7fea33ea4d Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
fe635e42c9 Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
4bf4c8675f Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
136f8409df Replace PSA/Cipher logic with mbedtls_get_mode_from_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:26 +02:00
Neil Armstrong
8a0f3e8cf0 Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:26 +02:00
Jerry Yu
a09f5e98ef fix build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:46:03 +08:00
Jerry Yu
cfc04b3541 Update comments in write server hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:02 +08:00
Jerry Yu
e74e04af1a Rename write supported_versions ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:02 +08:00
Jerry Yu
d9436a1baa remove guards for write_key_share
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:02 +08:00
Jerry Yu
57d4841eda fix write key_share issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:02 +08:00
Jerry Yu
637a3f1090 fix various issues
typo issue, variable `ret` init value
and remove finalize_server_hello

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
1c3e688df1 fix comments issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
349a61388b fix write selected_version fail
And rename write_supported_versions to
write selected_version

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
fb9f54db8c fix comments issue
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
89e103c54c tls13: Share write ecdh_key_exchange function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
3bf2c6449d tls13: write server hello compile pass
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
56404d70c4 tls13:server:Add finalize write_server_hello and dummy body
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
f4b27e4351 tls13:server:Add prepare write_server_hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
5b64ae9bad tls13:server:Add base framework for serverhello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
Add client hello into server side
2022-04-22 10:26:00 +02:00
XiaokangQian
e8ff350698 Update code to align with tls13 coding standard
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-22 02:34:40 +00:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign
RSA-PSS sign 1: PK
2022-04-21 17:11:18 +02:00
XiaokangQian
4d3a60475c Change default config version to development style
Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-21 13:46:17 +00:00
XiaokangQian
4e8cd7b903 Remove useless selected_group
Change-Id: I5fb76b5bf4b22d0231c17314783781f9e7c309a3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-21 13:30:18 +00:00
Neil Armstrong
13e76be02b Reorganize & simplify mbedtls_pk_sign_ext() handling of wrapped RSA-PSS
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-21 12:08:52 +02:00
Przemek Stekiel
4e47a91d2e Fix indentation issues
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
03faf5d2c1 psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
937b90febf Add null check for pms allocation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
e47201b34a rename: psa_tls12_prf_set_other_key->psa_tls12_prf_psk_to_ms_set_other_key and adapt code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
2503f7e4cb Handle empty other secret when passed with input bytes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
XiaokangQian
060d867598 Update parse_key_share in server side and version config
Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-21 09:24:56 +00:00
XiaokangQian
0a1b54ed73 Minor change the place of some functions
Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-21 03:01:38 +00:00
XiaokangQian
75d40ef8cb Refine code base on review
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side

Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 11:05:24 +00:00
XiaokangQian
318dc763a6 Fix test failure issue and update code styles
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 09:43:51 +00:00
XiaokangQian
de33391fa0 Rebase and solve conflicts
Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 08:49:42 +00:00
XiaokangQian
0803755347 Update code base on review comments
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes

Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:50:14 +00:00
XiaokangQian
17f974c63e Re-order the ciphersuite matching code in parse_client_hello
Change-Id: I16d11bca42993d4abc2a1b19fa087366c591927c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
84823779ce Only store the first group in ssl_tls13_parse_supported_groups_ext()
Change-Id: I4427149aeb6eb453150e522e4c7b11187e2e3825
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
3f84d5d0cd Update test cases and fix the test failure
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
b67384d05c Fix coding style and comments styles
Change-Id: Ifa37a3288fbb6b5206fc0640fa11fa36cb3189ff
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
f8ceb94fe7 Fix the parse_sig_alg_ext fail issue
Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
8f9dfe41c0 Fix comments about coding styles and test cases
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8 Fix comments and remove hrr related code
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023 Update based on comments
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
4080a7f687 Change code style and some share functions
Change variables and functions name style
Refine supported_version
Refine client hello parse

Change-Id: Iabc1db51e791588f999c60db464326e2bdf7b2c4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
9b5d04b078 Share parse_key_share() between client and server
Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38 Rebase and solve conflicts and issues
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
8840888fbc Fix some CI issues
Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
c5763b5efd Change some code style
Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
3207a32b1e Fix unused parameter issue and not defined cookie issue
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
7ac3ab3404 Add hello retry request count for server
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
a9c58419f2 Fix compile and test issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
7807f9f5c9 Add client hello into server side
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Ronald Cron
fd8cbda3ec Remove ECDH code specific to TLS 1.3
ECDH operations in TLS 1.3 are now done through PSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
fd6193c285 ssl_tls13_client: Add downgrade attack protection
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
217d699d85 Fix Doxygen marks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:28:51 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Tom Cosgrove
c144ca6473 Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration
Fixes #5752

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-19 13:52:24 +01:00
Hanno Becker
606cb1626f Add comment explaining structure of UMAAL assembly
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:59:33 +01:00
Hanno Becker
d46d96cc3f Add 2-fold unrolled assembly for umaal based multiplication
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:19:55 +01:00
Hanno Becker
63eb28c728 Use separate counters for 8-fold and single multiplication steps
Compilers are likely to generate shorter assembly for loops of the
form `while( cnt-- ) { ... }` rather than
`for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs
a subtract+compare+branch after each loop, while the former only
needs decrement+branch).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:16:03 +01:00
Hanno Becker
eacf3b9eb4 Simplify organization of inline assembly for bignum
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:16:03 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard
63ed7cbf36
Merge pull request #5701 from hanno-arm/mpi_mul_hlp
Make size of output in mpi_mul_hlp() explicit
2022-04-15 10:09:06 +02:00
Glenn Strauss
8315811ea7 Remove restrictive proto ver negotiation checks
Overly restrictive protocol version negotiation checks might be
"version intolerant".  TLS 1.3 and DTLS 1.3 move the version to
the "supported_versions" ClientHello extension.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
bbdc83b55b Use mbedtls_ssl_protocol_version in public structs
Use mbedtls_ssl_protocol_version in public structs, even when doing
so results in a binary-incompatible change to the public structure

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
cd78df6aa4 handshake->min_minor_ver to ->min_tls_version
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
041a37635b Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks
mbedtls no longer supports earlier TLS protocol versions

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Glenn Strauss
07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:54 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Hanno Becker
3577131bb4 Reintroduce trimming of input in mbedtls_mpi_mul_int()
Removing the trimming has significant memory impact. While it is clearly what
we want to do eventually for constant-time'ness, it should be fixed alongside
a strategy to contain the ramifications on memory usage.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-14 11:52:11 +01:00
Neil Armstrong
769dc05597 Remove bad dependency on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED for ecdh_ctx guard
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 09:56:24 +02:00
Neil Armstrong
282750215c Remove PSA only code from non-PSA code block code in ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 15:05:11 +02:00
Neil Armstrong
11d4945248 Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 15:03:43 +02:00
Neil Armstrong
1f198d8dee Simplify by moving ssl_check_server_ecdh_params in the ECDHE non-PSA compile-time block
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 15:02:30 +02:00
Neil Armstrong
913b364a52 Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 14:59:48 +02:00
Manuel Pégourié-Gonnard
6c242a01f7
Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics
PK Opaque RSA sign
2022-04-13 09:55:42 +02:00
Hanno Becker
0dbf04a9a6 Remove unnecessary memory operations in p25519 quasireduction
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-13 07:26:53 +01:00
Hanno Becker
1772e05fca Reduce the scope of local variable in mbedtls_mpi_mul_mpi()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-13 07:26:53 +01:00
Hanno Becker
da763de7d0 Revert "Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()"
This reverts commit 808e666eee.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-13 07:26:42 +01:00
Hanno Becker
127fcabb21 Fail gracefully upon unexpectedly large input to p25519 reduction
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 22:18:36 +01:00
Neil Armstrong
62d452baac Implement PK Opaque RSA PSS signature
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 15:11:49 +02:00
Neil Armstrong
f3f46416e3 Remove ecdh_ctx variable, init & free when USE_PSA_CRYPTO isn't selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 14:43:39 +02:00
Neil Armstrong
3ea01498d8 Store TLS1.2 ECDH point format only when USE_PSA_CRYPTO isn't selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 14:41:50 +02:00
Neil Armstrong
a33a255dcf Disable non-PSA ECDHE code in mbedtls_ssl_psk_derive_premaster() when USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 14:40:47 +02:00
Neil Armstrong
d8419ff390 Refactor to make PSA and non-PSA ECDH(E) client code exclusive
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 14:39:16 +02:00
Neil Armstrong
d91526c17f Refactor to make PSA and non-PSA ECDH(E) server code exclusive
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 14:38:52 +02:00
Manuel Pégourié-Gonnard
927410ded3
Merge pull request #5611 from superna9999/5318-tls-ecdhe-psk
TLS ECDH 3a: ECDHE-PSK (both sides, 1.2)
2022-04-12 13:28:02 +02:00
Hanno Becker
bb04cb992f Fix check in p25519 quasi-reduction
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:18:11 +01:00
Hanno Becker
d830feb256 Simplify check in p25519 quasi-reduction
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:10:19 +01:00
Hanno Becker
2ef0cff6c3 Fix size check in p25519 modular reduction
The check was meant to precisely catch an underflow.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:02:05 +01:00
Hanno Becker
0235f7512f Reduce scope of local variables in mpi_montmul()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:02:03 +01:00
Hanno Becker
9137b9c587 Note alternative implementation strategy in mbedtls_mpi_mul_int()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:01:58 +01:00
Hanno Becker
808e666eee Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:01:57 +01:00
Przemek Stekiel
d7a28646bc psa_tls12_prf_set_key(): add PSA_TLS12_PRF_STATE_OTHER_KEY_SET as a valid state
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-12 11:27:00 +02:00
Przemek Stekiel
a7695a2d76 psa_key_derivation_check_input_type(): handle PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-12 11:27:00 +02:00
Przemek Stekiel
c8fa5a1bdd psa_tls12_prf_psk_to_ms_set_key(): add support for other secret input
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-12 11:26:47 +02:00
Gilles Peskine
43b0943736
Merge pull request #1946 from hanno-arm/alert_reentrant
Make mbedtls_ssl_send_alert_message() reentrant
2022-04-12 11:05:20 +02:00
Neil Armstrong
7624a5ae5e Allow RSA PK Opaque keys for RSA-PSS signing
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 10:09:26 +02:00
Hanno Becker
53b3c607a0 Move const keyword prior to type name
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 13:46:30 +01:00
Hanno Becker
dfcb2d084b Fix Doxygen for mbedtls_mpi_core_mla()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 13:44:15 +01:00
Hanno Becker
99ba4cc6d5 Remove Doxygen from mbedtls_mpi_core_mla() implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 13:44:03 +01:00
Hanno Becker
efdc519864 Reintroduce though-to-be unused variable in correct place
The variable is a local variable for the i386 bignum assembly only;
introduce it as part of the start/finish macros.

It can be noted that the variable is initialize to 0 within MULADDC_INIT,
so there are no data dependencies across blocks of MULADDC_INIT/CORE/STOP.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 10:44:02 +01:00
Hanno Becker
5d4ceeb25c Remove const qualifier for mutable local variable in mpi_mul_hlp()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 09:46:47 +01:00
Hanno Becker
284d778d28 Address review comments
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 09:19:24 +01:00
Hanno Becker
e9dd9a1f31 Use size_t for number of limbs
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 09:06:27 +01:00
Manuel Pégourié-Gonnard
eaf3086831
Merge pull request #1133 from RonEld/1805
Fix Shared Library compilation issue with Cmake
2022-04-11 09:31:59 +02:00
Hanno Becker
6454993e2e Safeguard against calling p255 reduction with single-width MPI
(In this case, there's nothing to do anyway since we only do a
quasi-reduction to N+1 limbs)

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 07:35:58 +01:00
Hanno Becker
25bb732ea7 Simplify x25519 reduction using internal bignum MLA helper
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 07:03:48 +01:00
Hanno Becker
aef9cc4f96 Rename mpi_mul_hlp -> mbedtls_mpi_core_mla and expose internally
This paves the way for the helper to be used from the ECP module

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 07:03:43 +01:00
Gilles Peskine
e1730e492d
Merge pull request #5708 from AndrzejKurek/timeless-struggles
Remove the dependency on MBEDTLS_TIME_H from the timing module
2022-04-08 18:43:16 +02:00
Neil Armstrong
95a892311d Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:13:51 +02:00
Neil Armstrong
7df6677c34 Remove now invalid comment in pk_opaque_ecdsa_can_do()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:13:06 +02:00
Neil Armstrong
56e71d4d1a Update documentation of mbedtls_pk_setup_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:12:42 +02:00
Neil Armstrong
eccf88fa48 Only accept RSA key pair in mbedtls_pk_setup_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:11:50 +02:00
Hanno Becker
5e18f74abb Make alert sending function re-entrant
Fixes #1916

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:43 +01:00
Andrzej Kurek
5735369f4a Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
The timing module might include time.h on its own when on 
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. 


Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:41:42 -04:00