Commit graph

23559 commits

Author SHA1 Message Date
Andrzej Kurek
86f30ff626 Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2
As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790,
after introducing side-channel counter-measures to bignum,
the performance of RSA decryption in correlation to the
MBEDTLS_ECP_WINDOW_SIZE has changed.
The default value of 2 has been chosen as it provides best
or close-to-best results for tests on Cortex-M4 and Intel i7.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-24 07:51:21 -05:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty
Pacify Clang 15 about empty \retval
2023-02-24 09:10:53 +00:00
Gilles Peskine
2fb4e14397 Words. Use them!
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 13:37:54 +01:00
Gilles Peskine
4348a83bc8 Further documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 13:03:30 +01:00
Manuel Pégourié-Gonnard
f78a10052c
Merge pull request #7047 from mpg/tls-hash-errors
Handle errors from hash functions in TLS code
2023-02-23 08:49:55 +01:00
Janos Follath
406b9172ad
Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup
Bignum: Add named moduli setup
2023-02-22 12:14:33 +00:00
Manuel Pégourié-Gonnard
63e33dd175 Fix unchecked return value
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-22 10:09:40 +01:00
Gilles Peskine
ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug
Fix bugs in OID to string conversion
2023-02-21 23:16:44 +01:00
Gilles Peskine
88f8eb5844
Merge pull request #7091 from paul-elliott-arm/remove_gcc_warning
Fix warning with GCC 12
2023-02-21 23:14:29 +01:00
Paul Elliott
48c591cb56 Fix warning with GCC 12
Fix warning about variable being used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-21 16:31:56 +00:00
Manuel Pégourié-Gonnard
da7979bb91 Restore debug message removed by mistake
Also while at it, fix debug level for existing DEBUG_RET: errors should
always be level 1.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
8e176f747c Fix wrong return statement
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
626aaed213 Fix unused variable warnings in some builds
Found by depends.py MBEDTLS_SHA512_C

In principle, the case where neither SHA-256 nor SHA-384 are available
should never occur, as both TLS 1.2 and TLS 1.3 depend on one of those
being defined. However for now dependencies for TLS 1.2 are not as tight
as they should be; this will be fixed later and is tracked as #6441.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
43cc127d3a Fix code style
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
e1a4caa934 Handle hash errors in calc_finished
That's the last family of functions. All calls to mbedtls_sha* and
psa_hash_* in library/ssl_tls.c are now checked for errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b9b564e64b Handle hash errors in calc_verify
On top on some calls not being checked, the PSA path was missing a call
to abort() on errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
df94901566 Handle hash errors in update_checksum
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b72ff498c9 Handle hash errors in reset_checksum
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b8b07aa24a Handle errors from functions that now return int
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.

This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
d7a7a23308 Use reset_checksum in reset_transcript_for_hrr
This function was manually resetting just the hash that would be used;
it's simpler to just call the function that resets all hashes. This also
avoids calling low-level code from TLS 1.3.

While at it, remove the guards about SHA-256 || SHA-384 that were around
update_checksum, as they are redundant: update_checksum already has
appropriate guards (and TLS 1.3 already depends on one of those tow
hashes being present anyway).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
537f231fd9 Split hash start out of handshake_params_init
This part can fail, so it shouldn't be intermixed with the part that
can't fail and is there to ensure all structures are in a clean state,
should any error happen.

Fortunately, the part that should be split out already had a function
doing it: reset_checksum. Also, handshake_params_init had only one
calling site to update.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
226aa15702 Make handshake hashing functions return int
There are three family of functions: update_checksum, calc_verify,
calc_finished, that perform hashing operations and were returning void
so far. This is not correct, as hashing functions can return errors (for
example, on hardware failure when accelerated). Change them to return
int.

This commit just changes the types: for now the functions always return
0, and their return value is not checked; this will be fixed in the
next few commits.

There is a related function in TLS 1.3,
mbedtls_ssl_reset_transcript_for_hrr, which also handles hashes, and
already returns int but does not correctly check for errors from hashing
functions so far, it will also be handled in the next few commits.

There's a special case with handshake_params_init: _init functions
should return void, so we'll need to split out the part that can return
errors, see the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle
Implement PSA interruptible sign/verify hash
2023-02-21 15:13:34 +01:00
Dave Rodgman
e42cedf256
Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased
Pkcs7 fixes
2023-02-21 11:53:30 +00:00
Gilles Peskine
787f7c8d10 Improve documentation of documentation workaround
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-21 10:21:12 +01:00
Gilles Peskine
6df4a9b297
Merge pull request #7045 from lpy4105/issue/6947/apply-exclusions-in-code_style_py
code_style.py: Apply exclusions when restyling a list of files
2023-02-21 10:11:13 +01:00
David Horstmann
a4fad2ba67 Correct error code in test_suite_x509parse.data
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-20 14:57:47 +00:00
Dave Rodgman
716163e824 Improve allocation bounds in testing
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-20 14:46:51 +00:00
Dave Rodgman
a1b2bfff46 Add clarifying comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-20 14:45:09 +00:00
David Horstmann
5b5a0b618c Change error codes to more appropriate codes
The more precise error codes are borrowed from the ASN1 module.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-20 14:24:12 +00:00
Minos Galanakis
a30afe2216 ecp_curves: Minor refactoring.
This patch introduces the following changes:
* Documentation for `mbedtls_ecp_modulus_setup()`
  moved to `ecp_invasive.h`.
* Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`.
* Adjusted negative tests to use invalid selectors.
* Reworded documentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:53:06 +00:00
Minos Galanakis
36f7c0e69b test_suite_ecp: Added .data for ecp_setup_test()
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:51:49 +00:00
Minos Galanakis
9a1d02d738 test_suite_ecp: Added test for mbedtls_ecp_modulus_setup()
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:51:48 +00:00
Minos Galanakis
dd556921c9 ecp_curves: Exposed mbedtls_ecp_modulus_setup() through ecp_invasive.h
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:50:41 +00:00
Minos Galanakis
d2ca802329 ecp_curves: Added mbedtls_ecp_modulus_setup().
This patch introduces a new static method, responsible
for automatically initialising an modulus structure,
based on the curve id and a modulus type selector.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:49:46 +00:00
Janos Follath
ec718afb41
Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction
Add a raw entry point to Secp521r1 fast reduction
2023-02-20 13:03:12 +00:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san
Add the uniformResourceIdentifier subtype for the subjectAltName
2023-02-20 11:29:59 +01:00
Paul Elliott
f8e5b56ad8 Fix get_num_ops internal code.
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-19 18:55:10 +00:00
Gabor Mezei
ac70ad6576
Fix coding style
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-16 19:31:21 +01:00
Dave Rodgman
d652dce9ea Add failing test case (invalid signature) for zero-length data
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-16 16:39:34 +00:00
Dave Rodgman
fc64352253 Adjust position of empty line
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-16 16:23:09 +00:00
Dave Rodgman
c5874db5b0 Add test-case for signature over zero-length data
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-16 16:14:46 +00:00
Paul Elliott
0af1b5367b Remove some abbrevations from test descriptions.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
96b89b208a Add comment to indicate non-PSA spec assertion.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
5686533ba2 Add warning to mbedtls_ecp_set_max_ops()
Using PSA interruptible interfaces will cause previously set values to be
overwritten.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
21c3951139 Add reference to mbedtls_ecp_set_max_ops() to docs
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
f1743e2440 Add verify call to max ops tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
ba70ad4944 Add safety for keys larger than we currently support.
Prevent buffer overflow with keys whos grp.nbits is greater than
PSA_VENDOR_ECC_MAX_CURVE_BITS.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
93d9ca83ea Move num_ops ECP abstraction fully into internal implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Andrzej Kurek
81b0b89a34 Clarify comments on subjectAltName types
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-16 06:55:10 -05:00