Commit graph

8299 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
4a0ac1f160 Remove mbedtls_psa_tls_ecpoint_to_psa_ec()
Same reasons as for the previous commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
58d2383ef4 Remove mbedtls_psa_tls_psa_ec_to_ecpoint()
Initially this function was doing something because the output format of
psa_export_public() didn't match the ECPoint format that TLS wants.

Then it became a no-op then the output format of psa_export_public()
changed, but it made sense to still keep the function in case the format
changed again. Now that the PSA Crypto API has reached 1.0 status, this
is unlikely to happen, so the no-op function is no longer useful.

Removing it de-clutters the code a bit; while at it we can remove a
temporary stack buffer (that was up to 133 bytes).

It's OK to remove this function even if it was declared in a public
header, as there's a warning at the top of the file saying it's not part
of the public API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:14 +01:00
Manuel Pégourié-Gonnard
e5119898e4 Improve a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:13 +01:00
Przemyslaw Stekiel
d66387f8fa Init psa status to PSA_ERROR_CORRUPTION_DETECTED
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
b97556e8d1 mbedtls_ssl_encrypt/decrypt_buf: remove dead code
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:29 +01:00
Przemyslaw Stekiel
f9cd60853f ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-01 11:25:55 +01:00
Manuel Pégourié-Gonnard
9cb7b8d263
Merge pull request #5469 from Unity-Technologies/windows-arm64-workaround
Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
2022-02-01 09:21:27 +01:00
Tautvydas Žilys
40fc7da101 Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1.
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-31 13:34:01 -08:00
Przemyslaw Stekiel
77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
be47ecf5e2 mbedtls_ssl_get_record_expansion: use same condidion set as for non-psa build
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 17:50:00 +01:00
Przemyslaw Stekiel
2c87a200a3 ssl_write_encrypt_then_mac_ext(): adapt to psa crypto
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
399ed51185 Fix condition in mbedtls_ssl_get_record_expansion
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
e5c2238a99 Move mbedtls_ssl_cipher_to_psa() and psa_status_to_mbedtls() defs out of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED build flag
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention.
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1d714479a3 mbedtls_ssl_get_record_expansion: rework switch statement for psa
As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e88477844c Adapt the mbed tls mode: ccm or gcm or cachapoly to psa version
mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_GCM || mode == MBEDTLS_CHACHAPOLY is equivalent to PSA_ALG_IS_AEAD( alg ).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
221b52791e ssl_msg.c: fix parm in call to mbedtls_ssl_decrypt_buf()
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
9b22c2b1e6 Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
6be9cf542f Cleanup the code
Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
d4eab57933 Skip psa encryption/decryption for null cipher
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
ce09e7d868 Use psa_status_to_mbedtls() for psa error case
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
fe7397d8a7 Fix key attributes encrypt or decrypt only (not both)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
dd7b501c92 Move PSA init after taglen is set
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e87475d834 Move psa_status_to_mbedtls to ssl_misc.h
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
8398a67e31 Fix description of the translation function
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1fe065b235 Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
2e9711f766 mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
b37fae122c mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
76e1583483 Convert psa status to mbedtls
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
11a33e6d90 Use PSA_BITS_TO_BYTES macro to convert key bits to bytes
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ae77b0ab28 mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ffccda45df ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ce37d11c67 mbedtls_ssl_transform_free(): fix destruction of psa keys
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
8f80fb9b1d Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
44187d7a3e Extend mbedtls_ssl_transform struct for psa keys and alg
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
430f337b49 Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size.
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys
Swap the client and server random for TLS 1.3 f_export_keys
2022-01-28 12:09:19 +00:00
Xiaofei Bai
6d42bb430c Update mbedtls_ssl_handshake_free()
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard
f7d704dbd2 Avoid dead code in some configurations
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 10:05:56 +01:00
Xiaofei Bai
f5b4d25cfa Add received_sig_algs member to struct mbedtls_ssl_handshake_params
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-28 06:37:15 +00:00
Jerry Yu
fb28b88e26 move client_auth to handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-28 11:05:58 +08:00
lhuang04
a3890a3427 Swap the client and server random for TLS 1.3
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-01-27 06:00:43 -08:00
XiaokangQian
8499b6ce25 Only free verify_cookie in tls 1.3 case.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 09:00:11 +00:00
Xiaofei Bai
82f0a9a1db Rebase and address review comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-27 07:53:52 +00:00
XiaokangQian
a909061c2a Refine HRR parse successfully message in test cases
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 03:48:27 +00:00
XiaokangQian
34909746df Change cookie free code and some comments
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 02:25:04 +00:00
Tautvydas Žilys
60165d7708 Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug.
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-26 15:44:10 -08:00
XiaokangQian
52da558103 Change code base on comments
Align the alert type in parse_server_hello
Remove MBEDTLS_SSL_COOKIE_C guard
Enable cookie for both DTLS and TLS1.3

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
aec1f3e913 Cookie fields are used only by DTLS 1.3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
b119a35d07 Refine fatal alert in parse_server_hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
d59be77ce7 Refine code based on comments
Add comments for parse hrr key share and cookie
Change variable names based on RFC8466
Refine fatal allerts in parse server hello and hrr

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
0ece998287 Refine code in mbedtls_ssl_reset_transcript_for_hrr
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
f1e7d12cb6 Fix compile issues in mbedtls_ssl_session_reset_msg_layer
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
43550bd761 Prepare function to parse hrr cookie extension
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
2b01dc30cb Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d Change code base on comments
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81 Update code base on comments
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
53f20b71c5 Improve ssl_tls13_parse_server_hello
Avoid coping random bytes in hrr
Send illegal parameter alert when cipher suite mismatch
Send illegal parameter alert when supported_version not exist

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
d9e068e10b Change code based on comments
Align coding styles
Add hrr parameter for ssl_tls13_parse_server_hello
Add reset steps for SHA384 in HRR

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
8945db36ab Reduce paramter hrr from ssl_tls13_parse_server_hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
b48894eca4 Add buffer check for named group
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
16acd4b3e4 Reject the second HRR earlier and align naming styles
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
b851da8a44 Re-construct the code to merge hello and hrr based on comments
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
0b56a8f85c Replace curve_list with group_list and add update test scripts
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
51eff22c9b Align oode style with server hello parse
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
647719a172 Add hello retry request in client side
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:50:06 +00:00
Xiaofei Bai
69fcd39774 Update CertificateRequest tests and the parsing function
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:32:29 +00:00
Xiaofei Bai
de3f13e0b8 update based on comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:31:54 +00:00
Xiaofei Bai
f6d3696eda fix test failures
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:31:54 +00:00
Xiaofei Bai
a0ab777cfc update based on comments.
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:31:54 +00:00
Xiaofei Bai
e1e344213a Add TLS1.3 process certificate request
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:31:52 +00:00
Ronald Cron
f51b79c297
Merge pull request #5355 from yuhaoth/pr/remove-duplicate-sig-alg-ext
Remove duplicate write signature algorithms extension
The failure of ABI-API-checking is expected.
2022-01-26 10:05:26 +01:00
Jerry Yu
ed5e9f431d Change ecdsa sig_algs order for tls1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-26 12:41:12 +08:00
Manuel Pégourié-Gonnard
9d95d81eae
Merge pull request #5359 from hanno-arm/mpi_montmul_remove_dead_code
Remove redundant write operation in Montgomery multiplication
2022-01-25 13:00:19 +01:00
Jerry Yu
0b994b8061 fix typo error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 17:22:12 +08:00
Jerry Yu
53037894ab change the defaut sig_algs order
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 14:38:01 +08:00
Jerry Yu
18c833e2eb fix tls1_2 only sig_algs order issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 14:38:01 +08:00
Jerry Yu
f377d644f5 Refactor duplicate check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 14:38:01 +08:00
Jerry Yu
6ade743a43 Add mbedtls_printf alias for !PLATFORM_C
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 14:38:01 +08:00
Jerry Yu
370e146acb fix comments issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
909df7b17b Refactor *_sig_algs tables
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
b476a44fc6 Add static assert check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
971988528d fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
941e07ff02 fix test_no_platform fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
1a8b481ce6 Remove duplicated signature algorithm in default settings
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
600ded7ea5 Reserve end tag space at sig_algs_len init.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
a68dca24ee move overflow inside loop
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
8afd6e4308 fix typo issues in comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
eb821c6916 remove check_sig_hash
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
24811fb2e0 replace check_sig_hash with is_offered
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
1bab301c0d Add signature algorithm supported check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
7ddc38cedb fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
4131ec1260 Add signature algorithm length check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
a69269a711 change sig_algs_len unit to byte
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
713013fa80 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
e12f1ddcfa fix check names fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
11f0a9c2c4 fix deprecated-declarations error
replace sig_hashes with sig_alg

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
6106fdc085 fix build fail without TLS13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
f017ee4203 merge write sig_alg of tls12 and tls13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

# Conflicts:
#	library/ssl_misc.h
2022-01-25 12:46:17 +08:00
Jerry Yu
1abd1bc22f Change write_sig_alg_ext of tls12
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
2d0bd32982 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
0e5bcb6bf5 Replace directly access for sig_hashes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00
Jerry Yu
08e2ceae18 Remove directly access for tls13_sig_algs
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00
Jerry Yu
afdfed16d0 add get sig_algs helper function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00
Jerry Yu
18cd43909b Align signature_algorithms extension name
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Dave Rodgman
b032685543
Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc
mbedtls_pk_parse_key: don't allocate if not needed
2022-01-24 10:03:48 +00:00
Gilles Peskine
6d6d93ea4a
Merge pull request #5350 from AndrzejKurek/psa-aead-invalid-tag-lengths-setup
Detect invalid tag lengths in psa_aead_setup
2022-01-21 21:46:37 +01:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-01-21 21:46:08 +01:00
Andrzej Kurek
f881601c91 Detect invalid tag lengths in psa_aead_setup
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-20 07:40:12 -05:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
2022-01-18 09:16:25 +01:00
Ronald Cron
188ed19456
Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext
Remove duplicate function for writing supported_groups extension
2022-01-17 09:13:14 +01:00
Andrzej Kurek
63439eda62 Return an error for IV lengths other than 12 with ChaCha20+Poly1305
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3 Return an error for IV lengths other than 12 with ChaCha20
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard
73839e02a7
Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
2022-01-14 10:41:06 +01:00
Bence Szépkúti
aa3a6e4ea7 Fix brace placement
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-13 16:26:03 +01:00
Bence Szépkúti
39fb9d170b Rename helper function to psa_aead_check_algorithm
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-13 14:33:45 +01:00
Jerry Yu
d491ea4f18 fix comment issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-13 16:15:25 +08:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-13 00:05:48 -05:00
Jerry Yu
b925f21806 fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-12 11:17:02 +08:00
Jerry Yu
f0fede56a6 minor performance improvement
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-12 10:57:47 +08:00
Jerry Yu
1510cea0f3 fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-12 10:56:49 +08:00
Jerry Yu
3ad14ac9e9 Add named group IANA value check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 17:13:16 +08:00
Jerry Yu
f46b016058 skip some extensions if ephemeral not enabled
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 16:28:00 +08:00
Jerry Yu
63282b4321 Refactor write supported group
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 15:43:53 +08:00
Hanno Becker
bae3023576 Make more use of helper function for init/free of MPI array
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-11 05:06:54 +00:00
Jerry Yu
7f029d8a94 fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 11:08:53 +08:00
Przemyslaw Stekiel
2ecfd57b93 psa_asymmetric_decrypt: move build-in impl to mbedtls_psa_asymmetric_decrypt
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
71284eabdb psa_asymmetric_decrypt: add test driver impl
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
8d45c00759 psa_asymmetric_decrypt: access the key store and call driver dispatch
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:05 +01:00
Przemyslaw Stekiel
234f318bd7 psa_asymmetric_encrypt: move build-in impl to mbedtls_psa_asymmetric_encrypt
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:05 +01:00
Przemyslaw Stekiel
b6a6650a64 psa_asymmetric_encrypt: add test driver impl
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:05 +01:00
Przemyslaw Stekiel
19e6142214 psa_asymmetric_encrypt: access the key store and call driver dispatch
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:05 +01:00
Hanno Becker
466df6e713 Introduce helper function for init/free of MPI array
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-10 11:24:42 +00:00
Hanno Becker
ac4d4bc97c Improve documentation of ECP module
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-09 06:34:04 +00:00
Hanno Becker
ee95f6c4c9 Don't allow Z coordinate being unset in ecp_add_mixed()
Previously, ecp_add_mixed(), commputing say P+Q, would allow for the
Q parameter to have an unset Z coordinate as a shortcut for Z == 1.
This was leveraged during computation and usage of the T-table
(storing low multiples of the to-be-multiplied point on the curve).
It is a potentially error-prone corner case, though, since an MPIs
with unset data pointer coordinate and limb size 0 is also a valid
representation of the number 0.

As a first step towards removing ECP points with unset Z coordinate,
the constant time T-array getter ecp_select_comb() has previously
been modified to return 'full' mbedtls_ecp_point structures,
including a 1-initialized Z-coordinate.

Similarly, this commit ...

- Modifies ecp_normalize_jac_many() to set the Z coordinates
  of the points it operates on to 1 instead of freeing them.

- Frees the Z-coordinates of the T[]-array explicitly
  once the computation and normalization of the T-table has finished.

  As a minimal functional difference between old and new code,
  the new code also frees the Z-coordinate of T[0]=P, which the
  old code did not.

- Modifies ecp_add_mixed() to no longer allow unset Z coordinates.

Except for the post-precomputation storage form of the T[] array,
the code does therefore no longer use EC points with unset Z coordinate.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-09 05:52:40 +00:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-07 19:36:07 +01:00
Hanno Becker
c27a0e0093 Add more wrappers for ECP MPI operations
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-06 09:21:50 +00:00
Hanno Becker
595616e5cd Add more wrappers for internal ECP coordinate operations
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-06 05:12:02 +00:00
Hanno Becker
6a28870b1e Make ecp_select_comb() create valid EC point with Z coordinate set
ecp_select_comb() did previously not set the Z coordinate of the target point.
Instead, callers would either set it explicitly or leave it uninitialized,
relying on the (only partly upheld) convention that sometimes an uninitialized
Z value represents 1.

This commit modifies ecp_select_comb() to always set the Z coordinate to 1.
This comes at the cost of memory for a single coordinate, which seems worth
it for the increased robustness.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-06 04:46:45 +00:00
Hanno Becker
30838868ac Keep temporaries across iterations of ecp_double_add_mxz()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-05 06:09:42 +00:00
Hanno Becker
3b29f2194b Keep temporaries across iterations of ecp_add_mixed()
This saves heap operations

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 07:34:14 +00:00
Hanno Becker
a7f8edd709 Keep temporaries across iterated invocations of ecp_double_jac()
This reduces the number of heap operations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 07:29:46 +00:00
Hanno Becker
28ccb1cc90 Reduce number of local MPIs from 9 to 4 in ecp_double_add_mxz()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 07:15:14 +00:00
Hanno Becker
376dc89519 Reorder ops in ecp_double_add_mxz() to indicate redundant local MPIs
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 07:14:07 +00:00
Hanno Becker
0d629791e9 Remove local MPI from ecp_randomize_jac()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 06:45:49 +00:00
Hanno Becker
885ed403c9 Introduce wrapper for modular squaring
This paves the way for dedicated squaring implementations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 06:43:50 +00:00
Hanno Becker
b8442cd9c6 Remove another local MPI from ecp_normalize_jac_many()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 06:32:42 +00:00
Hanno Becker
02a999b91a Remove local MPI from ecp_normalize_jac_many()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 06:32:42 +00:00
Hanno Becker
838b715fcc Add comment on input/output aliasing in ecp_add_mixed()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 06:32:42 +00:00
Hanno Becker
ce29ae84dd Introduce macro wrappers for ECC modular arithmetic
This improves readibility and prepares for further changes
like the introduction of a single double-width temporary for
ECP arithmetic.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-04 06:32:39 +00:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Hanno Becker
76f897d699 Reduce number of temporary MPIs in ECP normalization
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-02 12:47:34 +00:00
Hanno Becker
02b35bd00a Introduce wrapper for modular multiplication with single-width const
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-01 06:54:25 +00:00
Hanno Becker
5c8ea307b8 Reduce number of local MPIs in ECP mixed point addition
`ecp_add_mixed()` and `ecp_double_jac()` are the core subroutines
for elliptic curve arithmetic, and as such crucial for the performance
of ECP primitives like ECDHE and ECDSA.

This commit provides a very slight simplification and performance and
memory usage improvement to `ecp_add_mixed()` by removing the use of
three temporary MPIs used for coordinate calculations.

Where those variables were used, the code now writes directly to the
coordinate MPIs of the target elliptic curve point.

This is a valid change even if there is aliasing between input and
output, since at the time any of the coordinate MPIs in question is
written, the corresponding coordinates of both inputs are no longer
read.

(The analogous change in `ecp_double_jac()` can not be made since
this property does not hold for `ecp_double_jac()`.)

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-01-01 06:16:16 +00:00
Max Fillinger
0bb38336a5 Add function to get md info from md context
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-12-28 16:32:00 +01:00
Jerry Yu
ffef9c52d4 fix alignment issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-24 22:31:08 +08:00
Hanno Becker
9a83443af2 Remove redundant write operation in Montgomery multiplication
This commit removes code from the Montgomery multiplication routine
`mpi_montmul()` which seems to serve no purpose.

Details: `mpi_montmul()` uses a temporary storage `T` for intermediate
results which is assumed to be of twice the size as the inputs to be
multiplied, and which is used as follows: After the i-th (i=0,1,...)
iteration, the n-limb word starting at `T->p + i + 1` contains the
Montgomery multiplication of B with the limbs 0,..,i of A, and the
variable `d` points to `T->p + i + 1`. In particular, after `n` iterations,
`T->p + n` holds the full multiplication
(subject to conditional subtraction).

As a consequence of this way of using the temporary `T`, the contents
of `{T->p, ..., T->p + i}` are irrelevant after the i-th iteration. Nonetheless,
the code copies `A[i]` to `T->p[i]` at the end of the i-th iterations, which is
redundant and can be removed.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-12-22 11:23:27 +00:00
Jerry Yu
136320ba0b fix ci fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-21 17:09:00 +08:00
Jerry Yu
1ea9d10687 fix test_ref_configs build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-21 14:52:38 +08:00
Glenn Strauss
cee11296aa Reset dhm_P and dhm_G if config call repeated
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2021-12-20 20:24:56 -05:00
Jerry Yu
1753261083 change write_supported_groups_ext prototype
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 22:32:09 +08:00
Jerry Yu
9d555ac003 Remove TLS12 version write_supported_group_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 22:27:58 +08:00
Jerry Yu
7581c11fc7 Remove tls13_write_supported_groups_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 22:25:41 +08:00
Jerry Yu
ba07342cd6 Add generic write_supported-groups_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 22:22:15 +08:00
Jerry Yu
b47d0f893e Replace SUPPORTED_ELLIPTIC_CURVES with SUPPORTED_GROUPS
According to RFC7919 and RFC8442 , they are same.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 17:38:50 +08:00
Archana
4a9e02632a
Review comments addressed
* Updated the default argument to create less noise with argument
  passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
  requirements

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 13:37:37 +05:30
Archana
c08248d650
Rename the template file from .conf to .jinja
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:35:15 +05:30
Archana
e03960e460
Restructure Python script to use argparse and main
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:34:59 +05:30
Archana
b32eafff51
Add psa_crypto_driver_wrappers.c to .gitignore
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:29:10 +05:30
Archana
6f21e45b78
Fix Pylint errors and improve Python script
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)

check-generated-files.sh and CMakeLists.sh updated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:28:59 +05:30
Archana
a8939b6da3
Restructure scripts' folder alignment
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:57:15 +05:30
Archana
1f1a34a226
Rev 1.0 of Driver Wrappers code gen
The psa_crypto_driver_wrappers.c is merely rendered with no real
templating in version 1.0.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:22:06 +05:30
Archana
68eb2ac960
Deleted psa_crypto_driver_wrappers.c
The file psa_crypto_driver_wrappers.c is deleted to be autogenerated.
Updated psa_crypto_driver_wrappers.h, this file only contains the
prototypes for the driver wrappers, we don't expect this to be auto
generated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 10:51:52 +05:30
Dave Rodgman
77d778eee2
Merge branch 'development' into mbedtls-3.1.0_merge_into_release 2021-12-17 10:01:53 +00:00
Dave Rodgman
b8c3301b80 Revert "Add generated files"
This reverts commit 4e62cbc322.
2021-12-17 09:44:04 +00:00
Gilles Peskine
863b96a21b Add copyright notice to ssl_debug_helpers*
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-16 10:04:58 +01:00
Gilles Peskine
1a1e78fa55 Remove comments indicating that the file was automatically generated
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:58:22 +01:00
Gilles Peskine
923d5c9e3c Rename ssl_debug_helpers.h
It's no longer generated, so rename it accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:56:54 +01:00
Gilles Peskine
ccbc318fc5 Remove generation of ssl_debug_helpers_generated.h
It's now under version control and meant to be updated manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:55:37 +01:00
Gilles Peskine
09f1ee68b6 Commit header file
Having an automatically generated header file makes it harder to have
working build scripts. The content of ssl_debug_helpers_generated.h isn't
likely to change often, so we can update it manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:55:33 +01:00
Ronald Cron
4e62cbc322 Add generated files
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:53 +01:00
Ronald Cron
17b1e2f6c3 Bump version to 3.1.0
Executed ./scripts/bump_version.sh --version 3.1.0 --so-crypto 11 --so-tls 17
+ fix of build_info.h

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:53 +01:00
Ronald Cron
9ed3873905 psa: driver wrapper: cipher: Fix unused variable warning
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-14 18:11:06 +01:00
Ronald Cron
8188d19b0e Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr 2021-12-14 10:58:18 +01:00
Gilles Peskine
12e27d4c5b List ssl_debug_helpers_generated.h in generated files
Running `generate_ssl_debug_helpers.py` generates both
`ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`.

List the `.h` file as well as the `.c` file in `check-generated-files.sh` so
that `check-generated-files.sh -u` will complain if it isn't up to date.

List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when
to wait until the `.h` file is present. In `Makefile`, declare the `.c` file
as depending on the `.h` file for order. This way, a dependency for either
will wait until the `.h` file is present, and since the `.h` file is
generated after the `.c` file, this guarantees that the `.c` file is
present.

This fixes random failures of `make -j` from a fresh checkout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-14 00:19:47 +01:00
Gilles Peskine
32d2a58cc2
Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1
Zeroize expected MAC/tag intermediate variables
2021-12-13 19:09:30 +01:00
Gilles Peskine
cd74298c83 mbedtls_cipher_check_tag: jump on error for more robustness to refactoring
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 17:01:25 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix
Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:36 +01:00
Gilles Peskine
a4174312da Initialize hash_len before using it
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:38:40 +01:00
Gilles Peskine
14d5fef6b7 PKCS#1v1.5 signature: better cleanup of temporary values
Zeroize temporary buffers used to sanity-check the signature.

If there is an error, overwrite the tentative signature in the output
buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:37:55 +01:00
Gilles Peskine
f0fd4c3aee mbedtls_ssl_parse_finished: zeroize expected finished value on error
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:36:15 +01:00
Gilles Peskine
c2f7b75a71 mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:35:08 +01:00
Gilles Peskine
60aebec47e PSA hash verification: zeroize expected hash on hash mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:33:18 +01:00
Gilles Peskine
e7835d92c1 mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:32:43 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac
Check HMAC return values
2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c Catch failures of md_hmac operations
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:00:57 +01:00
Gilles Peskine
d5ba50e239 Zeroize local MAC variables
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 14:59:45 +01:00
Gilles Peskine
0ca219575a mbedtls_pk_parse_key: don't allocate if not needed
mbedtls_pk_parse_key() makes a temporary copy of the key when it calls
pk_parse_key_pkcs8_encrypted_der(), because that function requires a
writable buffer. pk_parse_key_pkcs8_encrypted_der() always rejects an
empty password, so skip calling it in that case, which allows us to
skip the allocation as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 17:36:37 +01:00
Ronald Cron
db6adc5aad ssl: Fix some compilation guards for TLS 1.3 signature algorithms
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 14:25:35 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated
Add debug helpers generated
2021-12-10 11:56:55 +00:00
Manuel Pégourié-Gonnard
4525cce691
Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done
TLS1.3 MVP: Erase secrets when they are not necessary anymore.
2021-12-10 12:48:25 +01:00
Ronald Cron
6b07916e40
Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client
Add initial support for "Middlebox Compatibility Mode"
2021-12-10 11:58:05 +01:00
Jerry Yu
a5563f6115 move position of base_key init
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 18:14:36 +08:00
Jerry Yu
b737f6a9be move base_key init
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 17:55:59 +08:00
Ronald Cron
574ace48d8 Remove unnecessary blank line
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 10:27:25 +01:00
Jerry Yu
9c07473ebc fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 17:12:43 +08:00
Jerry Yu
889b3b76da fix clang build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:57:45 +08:00
Jerry Yu
d05e1cec4b fix build fail on check_*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
e6369b0061 fix test_cmake_as_package fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
eb96fb508e Add cmake generator
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
e3b3412bc4 Add tests for enum helper
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:45:52 +08:00
Jerry Yu
e78ee99624 add enum value to string helpers
Only add helpers for enum in `ssl.h`.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:43:30 +08:00
Jerry Yu
4a2fa5d0aa Move erase handshake secrets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:37:14 +08:00
Jerry Yu
27224f58be fix coding style issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
5132771f5f Revert "fix possible security leak for counter"
This reverts commit 8aab77e11e2aebec09dc9d682b16373771471fe0.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
7ca3054795 move zerioize tls13_hs_secrets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
23ab7a46a3 move zeroize master secrets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
2c70a39d97 move zeroize randbytes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
bdfd01835a fix compile break after merge
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
a986e9faac Clean handshake secrets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
d103bdb01d Clean randbytes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
745db226db fix possible security leak for counter
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm
PSA Multipart AEAD CCM Internal implementation and tests.
2021-12-09 14:49:42 +01:00
Ronald Cron
d4c64027a5 tls13: Move state transition after sending CCS to ssl_tls13_client.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
49ad6197ca Add injection of dummy's ChangeCipherSpec for middlebox compatibility
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
7e38cba993 Add incoming ChangeCipherSpec filtering in TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard
c38c1f2411
Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0
Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:09 +01:00
Manuel Pégourié-Gonnard
d7d740eb6e
Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions
Move base64 constant-time functions to the new module
2021-12-09 12:40:18 +01:00
Manuel Pégourié-Gonnard
b873577fc3
Merge pull request #5240 from duckpowermb/development
[session] fix a session copy bug
2021-12-09 09:23:23 +01:00
Gilles Peskine
cfe74a37b9 mbedtls_ssl_handshake_params: move ecrs_ctx back further
"mbedtls_ssl_handshake_params: reorder fields to save code size" moved this
filed earlier along with byte-sized fields that should be in the 128-element
access window on Arm Thumb. This took away precious room in the 128-byte
window. Move it back further out.

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2860 -> 2816 (diff: 44)
library/ssl_msg.o: 3080 -> 3076 (diff: 4)
library/ssl_srv.o: 3340 -> 3300 (diff: 40)
library/ssl_tls.o: 6546 -> 6478 (diff: 68)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-08 18:38:51 +01:00
Gilles Peskine
41139a2541 mbedtls_ssl_handshake_params: move group_list earlier to save code size
Placing group_list earlier seems to help significantly, not just as a matter
of placing it in the 128-element (512-byte) access window.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19559 -> 19551 (diff: 8)
library/ssl_msg.o: 24690 -> 24674 (diff: 16)
library/ssl_srv.o: 20418 -> 20406 (diff: 12)
library/ssl_tls.o: 20555 -> 20519 (diff: 36)
library/ssl_tls13_client.o: 7244 -> 7240 (diff: 4)
library/ssl_tls13_generic.o: 4693 -> 4697 (diff: -4)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2864 -> 2860 (diff: 4)
library/ssl_tls.o: 6566 -> 6546 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-08 18:26:55 +01:00
Ronald Cron
1865585eab
Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases
TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests
2021-12-08 14:56:39 +01:00
Manuel Pégourié-Gonnard
5d9f42200f
Merge pull request #861 from ronald-cron-arm/fix-aead-nonce
psa: aead: Fix invalid output buffer usage in generate_nonce()
2021-12-08 13:30:21 +01:00
Manuel Pégourié-Gonnard
39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv
Avoid using encryption output buffer to pass generated IV to PSA driver
2021-12-08 13:30:06 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
Ronald Cron
0b4d12313a Remove assertion on local nonce buffer size
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 10:45:00 +01:00
Ronald Cron
a393619dc2 Change test on local nonce buffer size to an assertion
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:25:20 +01:00
Dave Rodgman
351c71b7f2 Fix builds when config.h only defines MBEDTLS_BIGNUM_C
Fixes #4929

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-06 17:50:53 +00:00
Jerry Yu
6eaa41c15e Fix overflow error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Ronald Cron
f467d6306c psa: Fix obsolete code guard
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
fd25ddbf58 psa: Fix and improve comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
0266cfed51 psa: Remove test code in the library
The current testing of the PSA configuration is
based on test code located in the library itself.

Remove this code as we are moving to using a
test library instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
40170d9516 tests: Rename test driver entry points
Rename test driver entry points to
libtestdriver1_<name of the Mbed TLS entry point>.

This aligns with the renaming of all Mbed TLS APIs
for the test driver library (that will be put in place
in the following commits) to avoid name conflicts
when linking it with the Mbed TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
5601cd2cf1 psa: test driver: Move driver test entry points prototypes
In preparation of the driver test entry points to be
provided by a test driver library, move their prototypes
to tests directory.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
9ba7691bf7 psa: Add driver initialization and termination
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
7a55deb5a8 psa: Fix unused variable warnings
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
89b4aa7efc psa: asymmetric_encrypt/decrypt: Improve error code consistency
In psa_asymmetric_encrypt/decrypt(), always return
PSA_ERROR_INVALID_ARGUMENT if the key is a PSA key
and the algorithm is not a PSA algorithm we know
about, whether RSA is supported or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
73c9d9e254 psa: driver: Reduce the scope of test driver entry points
Define test driver entry points that provide an alternative
to Mbed TLS driver entry points only when the PSA configuration
is used. Their purpose is only to test the PSA configuration
thus there is no good reason to use them out of this scope.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:18 +01:00
Ronald Cron
69a63426af psa: Fix the size of hash buffers
Fix the size of hash buffers for PSA hash
operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
56f7897e7d psa: Fix hash and mac operation type
The test entry points defined in psa_crypto_hash.c
and psa_crypto_mac.c are supposed to be exact
clones of the Mbed TLS driver entry points. Thus
the operation type should be the Mbed TLS operation
type not a test one. There was no compilation error
as the hash and cipher operation test types are
currently equal to the Mbed TLS ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
81ca97e080 tests: psa driver: Align RSA/ECP sign/verify hash dispatch
Align RSA/ECP sign/verify hash dispatch with the
corresponding code of the library. The library
code was modified recently but not the test code
one and these modifications ease the following work.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
a72b12defb tests: psa: driver: mac: Remove opaque entry points in library
Opaque test entry points will be implemented only in
test code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
170067043f psa: Fix unused variable warnings
Fix unused variable warnings when no AEAD
algorithm is enabled in the build.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:24 +01:00
Paul Elliott
2fd6b61420 Remove incorrect hashing
Incorrect interpretation of 'empty'

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 18:03:12 +00:00
Paul Elliott
7298bef693 Add explanation for safety in function
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 17:51:34 +00:00
Xiaofei Bai
d25fab6f79 Update based on comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Gilles Peskine
ec45c1e174 mbedtls_ssl_handshake_params: reorder fields to save code size
Reorder fields mbedtls_ssl_handshake_params in order to save code on Arm
Thumb builds. The general idea is to put often-used fields in the direct
access window of 128 elements from the beginning of the structure.

The reordering is a human selection based on a report of field offset and
use counts, and informed by measuring the code size with various
arrangements. Some notes:
* This is the same reordering as the corresponding commit in #5189 for 2.2x.
* I moved most byte-sized fields at the beginning where they're sure to be
  in the direct access window.
* I moved buffering earlier because it can be around the threshold depending
  on the configuration, and it's accessed in a lot of places.
* I moved several fields, including update_checksum and friends, early so
  that they're guaranteed to be in the early access window.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19763 -> 19687 (diff: 76)
library/ssl_msg.o: 24874 -> 24834 (diff: 40)
library/ssl_srv.o: 20754 -> 20562 (diff: 192)
library/ssl_tls.o: 21003 -> 20907 (diff: 96)
library/ssl_tls13_client.o: 7284 -> 7272 (diff: 12)
library/ssl_tls13_generic.o: 4749 -> 4721 (diff: 28)
library/ssl_tls13_keys.o: 5133 -> 5077 (diff: 56)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 3000 -> 2936 (diff: 64)
library/ssl_msg.o: 3084 -> 3080 (diff: 4)
library/ssl_srv.o: 3428 -> 3400 (diff: 28)
library/ssl_tls.o: 6754 -> 6730 (diff: 24)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:18:09 +01:00
Gilles Peskine
55490d4e1f mbedtls_ssl_handshake_params: use bytes for some small values
Replace bitfields mbedtls_ssl_handshake_params by bytes. This saves some
code size, and since the bitfields weren't group, this doesn't increase the
RAM usage.

Replace several ints that only store values in the range 0..255 by uint8_t.
This can increase or decrease the code size depending on the architecture
and on how the field is used. I chose changes that save code size on Arm
Thumb builds and will save more after field reordering.

Leave the bitfields in struct mbedtls_ssl_hs_buffer alone: replacing them by
uint8_t slightly increases the code size.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19759 -> 19763 (diff: -4)
library/ssl_srv.o: 20790 -> 20754 (diff: 36)
library/ssl_tls13_keys.o: 5153 -> 5133 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:01:39 +01:00
Ronald Cron
cae5909053 psa: aead: Fix invalid output buffer usage in generate_nonce()
Don't use the output buffer in psa_aead_generate_nonce()
to pass the generated nonce to the driver as a local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-29 08:43:15 +01:00
吴敬辉
0b71611c80 [session] fix a session copy bug
fix a possible double reference on 'ticket'
when peer_cert/peer_cert_digest calloc failed.

Signed-off-by: 吴敬辉 <11137405@vivo.com>
2021-11-29 10:50:04 +08:00
Gabor Mezei
a09697527b
Add documentation for the functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:25:14 +01:00
Gabor Mezei
14d5fac11d
Unify function parameters
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:23:26 +01:00
Gabor Mezei
c0d8dda60d
Make mbedtls_ct_uchar_mask_of_range function static
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:20:36 +01:00
Gabor Mezei
d77b86cc5b
Delete base64_invasive.h due to functions are moved to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:20:02 +01:00
Gabor Mezei
358829abc9
Move mbedtls_ct_base64_dec_value function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:14:52 +01:00
Gabor Mezei
9a4074aa1e
Move mbedtls_ct_base64_enc_char function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:14:21 +01:00
Gabor Mezei
28d611559e
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:09:38 +01:00
Gabor Mezei
b8d78926eb
Rename functions to have suitable name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 16:51:18 +01:00
Ronald Cron
c6e6f50d47 psa: cipher: Fix invalid output buffer usage in psa_cipher_encrypt()
Don't use the output buffer in psa_cipher_encrypt()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Ronald Cron
9b67428e22 psa: cipher: Add IV parameters to cipher_encrypt entry point
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Ronald Cron
2391952a4c psa: cipher: Align APIs execution flow
Align the execution of cipher one-shot APIs with
that of cipher multi-part APIs: always exit
through the exit-labelled section.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Ronald Cron
2fb9052838 psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv()
Don't use the output buffer in psa_cipher_generate_iv()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Gilles Peskine
8716f17961 Tweak whitespace for readability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-26 12:47:55 +01:00
Gilles Peskine
2d8a182407 PSA global data: move fields around to save code size
Move fields around to have fewer accesses outside the 128-element Thumb
direct access window.

Make the same change as in 2.27+, for the same small benefit.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/psa_crypto.o: 16434 -> 16414 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-26 12:46:28 +01:00
Xiaofei Bai
6dc90da740 Rebased on 74217ee and add fixes
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120 Rebase and add fixes
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:09:26 +00:00
Xiaofei Bai
feecbbbb93 Fix some variable names in code comment
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Xiaofei Bai
89b526da3e Fix some more variables names
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Xiaofei Bai
b7972840fd Fix variable names in ssl_tls13_keys.*
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Xiaofei Bai
eef150418f Fix variable names in ssl_tls13_generic/client.c
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
XiaokangQian
4d2329fd8a Change code based on reviews
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-25 02:21:16 +00:00
XiaokangQian
a83014db4a TLS1.3: Add signature scheme pkcs1 v1.5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-25 02:21:16 +00:00
Gilles Peskine
e2d707fea5
Merge pull request #4866 from gabor-mezei-arm/3649_move_constant_time_functions_into_separate_module
Move constant-time functions into a separate module
2021-11-24 19:33:00 +01:00
Ronald Cron
b92b88cc4c
Merge pull request #5127 from xkqian/xkqian/pr/add_rsa_pss_rsae
Xkqian/pr/add rsa pss rsae
2021-11-24 14:22:30 +01:00
Gabor Mezei
685472bfb6
Update function name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-24 11:17:36 +01:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Gilles Peskine
0c9f058504
Merge pull request #5213 from tom-cosgrove-arm/pr_4950
Fix GCM calculation with very long IV
2021-11-22 22:22:37 +01:00
XiaokangQian
4b82ca1b70 Refine test code and test scripts
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
XiaokangQian
82d34ccf47 Add signature scheme rsa pss
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
Paul Elliott
4086bdbe37 Better fix for empty password / salt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-18 22:39:16 +00:00
Manuel Pégourié-Gonnard
146247de71
Merge pull request #5172 from bensze01/invalid_nonce_error
PSA: Indicate in the error returned when we know that an AEAD nonce length is invalid, not just unsupported
2021-11-18 09:41:12 +01:00
Ronald Cron
ac00659480
Merge pull request #5121 from yuhaoth/pr/add-wrapup-and-hello-test
TLS1.3 MVP: Add finialize states and simplest test
2021-11-18 09:11:53 +01:00
Bence Szépkúti
6d48e20d4b Indicate nonce sizes invalid for ChaCha20-Poly1305
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:11 +01:00
Bence Szépkúti
357b78e42c Indicate if we know that a nonce length is invalid
This restores the behaviour found in the previously released versions
and development_2.x.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:04 +01:00
Manuel Pégourié-Gonnard
5a57a51ea5
Merge pull request #5180 from daverodgman/key_derivation_output_key_error_code
Improve PSA error return code for psa_key_derivation_output_key
2021-11-17 13:09:37 +01:00
Jerry Yu
a6e6c27bd3 Grouplize tls1_3 special functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-17 17:54:13 +08:00