Commit graph

8658 commits

Author SHA1 Message Date
Neil Armstrong
95a892311d Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:13:51 +02:00
Neil Armstrong
7df6677c34 Remove now invalid comment in pk_opaque_ecdsa_can_do()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:13:06 +02:00
Neil Armstrong
56e71d4d1a Update documentation of mbedtls_pk_setup_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:12:42 +02:00
Neil Armstrong
eccf88fa48 Only accept RSA key pair in mbedtls_pk_setup_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:11:50 +02:00
Hanno Becker
5e18f74abb Make alert sending function re-entrant
Fixes #1916

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:43 +01:00
Andrzej Kurek
5735369f4a Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
The timing module might include time.h on its own when on 
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. 


Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:41:42 -04:00
Glenn Strauss
236e17ec26 Introduce mbedtls_ssl_hs_cb_t typedef
Inline func for mbedtls_ssl_conf_cert_cb()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-07 14:18:30 -04:00
Przemek Stekiel
e3ee221893 Free other secret in tls12_prf context
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:41:56 +02:00
Przemek Stekiel
23650286ac Add psa_tls12_prf_set_other_key() function to store other secret input
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:41:46 +02:00
Neil Armstrong
c1152e4a0f Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
7e1b4a45fa Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
295aeb17e6 Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
b980c9b48c Add support for RSA in pk_opaque_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
ca5b55f0d1 Add support for RSA in mbedtls_pk_wrap_as_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
eabbf9d907 Add support for RSA PK Opaque key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Andrzej Kurek
714b6603e4 Remove dummy timing implementation
Having such implementation might cause issues for those that
expect to have a working implementation.
Having a compile-time error is better in such case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Hanno Becker
e141702551 Adjust mpi_montmul() to new signature of mpi_mul_hlp()
A previous commit has changed the signature of mpi_mul_hlp, making the length
of the output explicit. This commit adjusts mpi_montmul() accordingly.

It also fixes a comment on the required size of the temporary value
passed to mpi_montmul() (but does not change the call-sites).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:34 +01:00
Hanno Becker
74a11a31cb Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp()
A previous commit has changed the signature of mpi_mul_hlp(), making
the length of the output explicit.

This commit adjusts mbedtls_mpi_mul_int() to this change.

Along the way, we make the code simpler and more secure by not calculating
the minimal limb-size of A. A previous comment indicated that this was
functionally necessary because of the implementation of mpi_mul_hlp() --
if it ever was, it isn't anymore.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:34 +01:00
Hanno Becker
fee261a505 Adjust mbedtls_mpi_mul_mpi() to new signature of mpi_mul_hlp()
The previous commit has changed the signature of mpi_mul_hlp(),
making the length of the output explicit.

This commit adjusts the call-site in mbedtls_mpi_mul_mpi() to
this new signature.

A notable change to the multiplication strategy had to be made:
mbedtls_mpi_mul_mpi() performs a simple row-wise schoolbook
multiplication, which however was so far computed iterating
rows from top to bottom. This leads to the undesirable consequence
that as lower rows are calculated and added to the temporary
result, carry chains can grow. It is simpler and faster to
iterate from bottom to top instead, as it is guaranteed that
there will be no carry when adding the next row to the previous
temporary result: The length of the output in each iteration
can be fixed to len(B)+1.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:34 +01:00
Hanno Becker
defe56928e Make length of output explicit in mpi_mul_hlp()
The helper `mpi_mul_hlp()` performs a multiply-accumulate
operation `d += s * b`, where `d,b` are MPIs and `b` is a scalar.

Previously, only the length of `s` was specified, while `d` was
assumed to be 0-terminated of unspecified length.

This was leveraged at the end of the core multiplication steps
computingg the first `limb(s)` limbs of `d + s*b`: Namely, the
routine would keep on adding the current carry to `d` until none
was left. This can, in theory, run for an arbitrarily long time
if `d` has a tail of `0xFF`s, and hence the assumption of
`0`-termination.

This solution is both fragile and insecure -- the latter because
the carry-loop depends on the result of the multiplication.

This commit changes the signature of `mpi_mul_hlp()` to receive
the length of the output buffer, which must be greater or equal
to the length of the input buffer.

It is _not_ assumed that the output buffer is strictly larger
than the input buffer -- instead, the routine will simply return
any carry that's left. This will be useful in some applications
of this function. It is the responsibility of the caller to either
size the output appropriately so that no carry will be left, or
to handle the carry.

NOTE: The commit leaves the library in a state where it cannot
      be compiled since the call-sites of mpi_mul_hlp() have
      not yet been adjusted. This will be done in the subsequent
      commits.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:29 +01:00
Hanno Becker
e7f14a3090 Remove unused variable in mpi_mul_hlp()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:11:26 +01:00
Gilles Peskine
a9b6c8074a Fix psa_mac_verify() returning BUFFER_TOO_SMALL
It doesn't make sense for psa_mac_verify() to return
PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this
was happening when requesting the verification of an unsupported algorithm
whose output size is larger than the maximum supported MAC size, e.g.
HMAC-SHA-512 when building with only SHA-256 support. Arrange to return
PSA_ERROR_NOT_SUPPORTED instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:03:39 +02:00
Gilles Peskine
695c4cb7ea If a cipher algorithm is not supported, fail during setup
In some cases, a cipher operation for an unsupported algorithm could succeed
in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually
fed. This is not a major bug, but it has several minor downsides: fail-late
is harder to diagnose for users than fail-early; some code size can be
gained; tests that expect failure for not-supported parameters would have to
be accommodated to also accept success.

This commit at least partially addresses the issue. The only completeness
goal in this commit is to pass our full CI, which discovered that disabling
only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping
the relevant key type) allowed cipher setup to succeed, which caused
failures in test_suite_psa_crypto_op_fail.generated in
component_test_psa_crypto_config_accel_xxx.

Changes in this commit:
* mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher
  algorithms. (No change related to key types.)
* Some code that is only relevant for ECB is no longer built if
  PSA_WANT_ALG_ECB_NO_PADDING is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:03:39 +02:00
Gilles Peskine
0c3a071300 Make psa_key_derivation_setup return early if the key agreement is not supported
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:00:01 +02:00
Gilles Peskine
0cc417d34b Make psa_key_derivation_setup return early if the hash is not supported
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:58:39 +02:00
Gilles Peskine
9efde4f2ec Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:20 +02:00
Przemek Stekiel
8583627ece psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-05 10:50:53 +02:00
Neil Armstrong
1039ba5c98 Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:33:01 +02:00
Neil Armstrong
ede381c808 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:33:01 +02:00
Neil Armstrong
3cae167e6a Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
e18ff952a7 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
b7ca76b652 Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fdf20cb513 Fix command indentation in ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
2d63da9269 Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
d6e2759afb Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fb0a81ece9 Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
5a1455d8d5 Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
3bcef08335 Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
549a3e4737 Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fc834f2e2c Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
0bdb68a242 Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:52 +02:00
Neil Armstrong
d8420cad31 Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:52 +02:00
Neil Armstrong
c530aa6b4e Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:52 +02:00
Neil Armstrong
b9f319aec1 Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:51 +02:00
Neil Armstrong
2540045542 Update comments in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:07 +02:00
Neil Armstrong
bc5e8f9dd0 Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:07 +02:00
Neil Armstrong
039db29c7d Implement PSA server-side ECDHE-PSK
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:07 +02:00
Neil Armstrong
868af821c9 Implement PSA client-side ECDHE-PSK
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:06 +02:00
Przemek Stekiel
a9f9335ee9 ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check
This check can be removed as if the buffer is too small for the key, then export will fail.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-04 17:32:30 +02:00
Neil Armstrong
e88d190f2e Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-04 11:27:57 +02:00
Neil Armstrong
f716a700a1 Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard
de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification
PK: RSA verification
2022-04-04 11:23:33 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations
HKDF 2: use internal implementations in TLS 1.3
2022-04-01 11:15:29 +02:00
Manuel Pégourié-Gonnard
451114fe42
Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
2022-04-01 10:04:56 +02:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Ronald Cron
11218dda96 ssl_client.c: Fix unused parameter
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
bdb4f58cea Add and update documentation of some minor version fields
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:24:59 +02:00
Ronald Cron
82c785fac3 Make handshake::min_minor_ver client only
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 15:44:41 +02:00
Neil Armstrong
91477a7964 Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
1335222f13 Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
f788253ed3 Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
80325d00cf Allow ECDSA PK Opaque keys for ECDH Derivation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
104a7c1d29 Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
8113d25d1e Add ecdh_psa_shared_key flag to protect PSA privkey if imported
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
5cd5f76d67 Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
4f33fbc7e9 Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
306d6074b3 Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
062de7dd79 Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
1f4b39621b Implement PSA server-side ECDH-RSA/ECDSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Ronald Cron
6476726ce4 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Ronald Cron
ba120bb228 ssl_tls13_client.c: Fix ciphersuite final validation
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
8fdad9e534 ssl_tls12_client.c: Remove duplicate of ciphersuite validation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
757a2abfe2 ssl_client.c: Extend and export ciphersuite validation function
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
f735cf1f0f ssl_tls.c: Fix ciphersuite selection regarding protocol version
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429 ssl_tls13_client.c: Add check in supported_versions parsing
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:33:41 +02:00
Ronald Cron
1fa4f6863b ssl_tls.c: Return in error if default config fails
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
a77fc2756e ssl_tls13_client.c: versions ext writing : Fix available space check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
37bdaab64f tls: Simplify the logic of the config version check and test it
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:26:58 +02:00
Ronald Cron
3cffc5ccb1 tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:59:44 +02:00
Ronald Cron
150d579d7a ssl_client.c: Improve coding style
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:58:50 +02:00
Neil Armstrong
e451295179 Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:41:12 +02:00
Neil Armstrong
253e9e7e6d Use mbedtls_rsa_info directly in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
ea54dbe7c2 Fix comment typo in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
19e6bc4c9f Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
8a44bb47ac Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
82cf804e34 Fix 80 characters indentation in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
6baea78072 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
a33280af6c Check psa_destroy_key() return in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
059a80c212 Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
52f41f8228 PK: RSA verification PSA wrap implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Ronald Cron
da41b38c42 Improve and fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Gabor Mezei
e42d8bf83b
Add macro guard for header file
Some of the macros are used by the test data files and must be moved
before the macros guard.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard
abed05f335
Merge pull request #5652 from arturallmann/issue-commit
Fix comment typo in threading.c
2022-03-30 10:01:24 +02:00
Ronald Cron
8ecd9937a9 ssl_client.c: Fix state change for DTLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e71639d39b Simplify TLS major version default value setting
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
dbe87f08ec Propose TLS 1.3 and TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
9f0fba374c Add logic to switch to TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399 Allow hybrid TLS 1.3 + TLS 1.2 configuration
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
fbd9f99f10 ssl_tls.c: Move some client specific functions to ssl_client.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
7320e6436b ssl_tls12_client.c: Switch to generic Client Hello state handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
5f4e91253f ssl_client.c: Add DTLS ClientHello message sending specifics
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
4079abc7d1 ssl_client.c: Adapt extensions writing to the TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
11e1857f5e ssl_client.c: Fix key share code guards
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
df823bf39b ssl_client.c: Re-order partially extension writing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:57:54 +02:00
Ronald Cron
42c1cbf1de ssl_client.c: Adapt compression methods comment to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:56:58 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export
Add ECP keypair export function
2022-03-29 17:19:04 +01:00
Artur Allmann
3f396152b7 Fix typo "phtreads" to "pthreads"
Closes issue #5349

Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>
2022-03-29 17:43:56 +02:00
Ronald Cron
d491c2d779 ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
a874aa818a ssl_client.c: Add DTLS 1.2 cookie support
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
021b1785ef ssl_client.c: Adapt session id generation to the TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
58b803818d ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:50 +02:00
Gabor Mezei
cb5ef6a532
Remove duplicated includes
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-29 17:10:01 +02:00
Gabor Mezei
55c49a3335
Use proper macro guard
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-29 17:09:15 +02:00
Gabor Mezei
29e7ca89d5
Fix typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-29 17:08:49 +02:00
Gabor Mezei
c09437526c
Remove commented out code
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-29 17:08:15 +02:00
Ronald Cron
1614eb668c ssl_client.c: Adapt TLS version writing to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
86a477f5ee ssl_client.c: Adapt initial version selection to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
5456a7f89c ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
71c2332860 ssl_client.c: Rename TLS 1.3 ClientHello writing functions
Rename TLS 1.3 ClientHello writing functions
aiming to support TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
3d580bf4bd Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
7ffe7ebe38 ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
04fbd2b2ff ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
12dcdf0d6e ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
4e263fd49c ssl_tls12_client.c: Simplify TLS version in encrypted PMS
This can only be TLS 1.2 now in this structure and when
adding support for TLS 1.2 or 1.3 version negotiation
the highest configured version can be TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
90f012037d ssl_tls12_server.c: Simplify TLS version check in ClientHello
The TLS server code only support TLS 1.2 thus simplify
the check of the version proposed by the client.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
086ee0be0e ssl_tls.c: Reject TLS 1.3 version configuration for server
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
8457c12127 ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
b894ac7f99 ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
90915f2a21 ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version
ssl_tls12_client.c contains only TLS 1.2 specific
code thus remove some checks on the minor version
version being MBEDTLS_SSL_MINOR_VERSION_3. No aim
for completeness, ssl_parse_server_hello() is not
reworked here for example.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
a25cf58681 ssl_tls.c: Remove one unnecessary minor version check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
c2f13a0568 ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md()
Modify mbedtls_ssl_set_calc_verify_md() taking into
account that it is an TLS 1.2 only function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
4dcbca952e ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section
In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the
"if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive
as it is specific to TLS 1.2.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
81591aa0f3 ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param
ssl_set_handshake_prfs() is TLS 1.2 specific and only called
from TLS 1.2 only code thus no need to pass the TLS minor
version of the currebt session.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
f12b81d387 ssl_tls.c: Fix PSA ECDH private key destruction
In TLS 1.3, a PSA ECDH private key may be created
even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We
must destroy this key if still referenced by an
handshake context when we free such context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
5b98ac9c64 TLS 1.3: Move PSA ECDH private key destroy to dedicated function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
8540cf66ac ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512
In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose
PKCS1 v1.5 signatures with SHA_384/512 not only
SHA_256. There is no point in not proposing them
if they are available.

In TLS 1.3 those could be useful for certificate
signature verification.

In hybrid TLS 1.2/1.3 this allows to propose for
TLS 1.2 the same set of signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
60ff79424e ssl_tls13_client.c: alpn: Miscellanous minor improvements
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
13d8ea1dd9 ssl_tls13_client.c: alpn: Loop only once over protocol names
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
a0855a6d13 ssl_tls13_client.c: alpn: Add missing return value assignment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
de1adee51a Rename ssl_cli/srv.c
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00