Commit graph

9619 commits

Author SHA1 Message Date
Xiaokang Qian
a3b451f950 Adress kinds of comments base on review
Rename function name to mbedtls_ssl_session_set_hostname
Add two extra check cases for server name
Fix some coding styles

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
2f9efd3038 Address comments base on review
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:49 +00:00
Xiaokang Qian
bc663a0461 Refine code based on commnets
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname()
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:05:11 +00:00
Xiaokang Qian
be98f96de2 Remove useless hostname check in server side
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
6af2a6da74 Fix session save-load overflow issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
ecd7528c7f Address some comments
Hostname_len has at least one byte
Change structure serialized_session_tls13
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Jerry Yu
c79742303d Remove unnecessary empty line and fix format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 21:22:33 +08:00
Jerry Yu
22c18c1432 Add NULL check in prepare hello
`session_negotiate` is used directly in `ssl_prepare_client_hello`
without NULL check. Add the check in the beggining to avoid segment
fault.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 18:07:19 +08:00
Jerry Yu
c2bfaf00d9 fix wrong typo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 18:07:19 +08:00
Jerry Yu
4f77ecf409 disable session resumption when ticket expired
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 22:10:08 +08:00
Jerry Yu
03aa174d7c Improve test message and title
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:48:37 +08:00
Jerry Yu
6916e70521 fix various issues
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:33:51 +08:00
Jerry Yu
21092062f3 Restrict cipher suite validation to TLS1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:21:31 +08:00
Gabor Mezei
d7edb1d225
Initialize variable
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-10 14:32:09 +02:00
Gabor Mezei
e9c013c222
Handle if parameters are alised
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-10 14:26:57 +02:00
Przemek Stekiel
88ade84735 psa_aead_setup: remove redundant tag length check
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-08 17:56:18 +02:00
Przemek Stekiel
6ab50762e0 psa_aead_setup: validate tag length before calling driver setup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-08 17:54:30 +02:00
Jerry Yu
a99cbfa2d3 fix various issues
- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:47 +08:00
Jerry Yu
40afab61a8 Add ciphersuite check in set_session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:43 +08:00
Jerry Yu
21f9095fa8 Revert "move ciphersuite validation to set_session"
This reverts commit 19ae6f62c7.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:34 +08:00
Jerry Yu
379b91a393 add ticket age check
Remove ticket if it is expired.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 10:21:15 +08:00
Przemek Stekiel
86679c7bd8 psa_validate_tag_length(): use PSA_WANT_ALG_xxx instead MBEDTLS_PSA_BUILTIN_ALG_xxx guards
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-07 08:24:19 +02:00
Jerry Yu
4a698341c9 Re-org selected_identity parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
6183cc7470 Re-org binders writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f75364bee1 Re-organize identities writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8b41e893a2 fix various issues
- Re-order code and comments
  - move comment above `write_identities`
  - move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
19ae6f62c7 move ciphersuite validation to set_session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
25ab654781 Add dummy ticket support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
b300e3c5be add selected_identity parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
1a0a0f4416 Add binders writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f7c125917c Add identites writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
0c6105bc9e empty pre_shared_key functions
To easy review

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8897c07075 Add server only guards for psk callback
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Przemek Stekiel
8a05a646f4 Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 17:01:58 +02:00
Przemek Stekiel
ff1efc9a84 psa_aead_check_nonce_length: Fix unused variable warining
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 16:53:47 +02:00
Gilles Peskine
01af3ddc82 Fixed confusion between number size and limb size; define limb
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 16:23:29 +02:00
Gilles Peskine
2926484de1 Describe generic conventions for the bignum core module
This commit codifies some conventions that result from the original design
goals and others that have emerged after starting the implementation.

* Value ranges
* Bignum parameter naming and ordering
* Sizes
* Aliasing and overlap
* Error handling

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 14:51:21 +02:00
Gilles Peskine
7aab2fbe41 Add a short description of what each module does
There was already a short introduction to _who_ should use each module, but
not to _what_ each module does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 14:50:17 +02:00
Gilles Peskine
7f887bdc05 Move license out of Doxygen comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 14:50:17 +02:00
Gabor Mezei
dba2677597
Update documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-03 17:01:02 +02:00
Gabor Mezei
86dfe384c2
Fix documentation tags to be lower case
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 14:03:04 +02:00
Gabor Mezei
e5b8585f1e
Follow parameter naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:54:02 +02:00
Gabor Mezei
1c628d5700
Follow parameter naming comvention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
3eff425b1a
Use only one limb parameter for assign
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
81e57021c6
Change the input parameters to be const
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
2b5bf4cec7
Fix doumentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
f4dd3b6a6d
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
cfc0eb8d22
Remove unused parameter
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
87638a9ead
Add missing include
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
63c3282ec4
Remove retrun code from mod_raw_cond_assign/swap
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
24d183aa00
Use the new swap and assign function in the old interface
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
9f6615f146
Remove argument checking from constant time functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
12071d4403
Add conditional assign and swap function for MPI modulus
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:33:35 +02:00
Gabor Mezei
e1d31c4aad
Add conditional swap and assign function for MPI core
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:33:30 +02:00
Gilles Peskine
845de0898e
Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication
Montgomery multiplication from bignum prototype
2022-09-30 10:35:21 +02:00
Tom Cosgrove
6da3a3b15f Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 17:20:18 +01:00
Tom Cosgrove
4386ead662 Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 14:40:21 +01:00
Przemek Stekiel
ce5b68c7a3 Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions"
This reverts commit a82290b727.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:18 +02:00
Ronald Cron
77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases
TLS 1.3: Add PSK client cases
2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Xiaokang Qian
ca343ae280 Improve message logs and test cases description in psk
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-28 02:07:54 +00:00
Przemek Stekiel
4c49927bad Fix unused variables warnings in default + stream cipher only build
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Przemek Stekiel
a82290b727 Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions
Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Przemek Stekiel
89ad62352d Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq()
Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Ronald Cron
c27a9074c4 tls13: server: Add comment when trying another sig alg
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 10:07:55 +02:00
Xiaokang Qian
cb6e96305f Change kex mode string name
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-27 08:02:41 +00:00
Ronald Cron
b72dac4ed7 Fix PSA identifier of RSA_PKCS1V15 signing algorithms
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 09:25:47 +02:00
Andrzej Kurek
b510cd2c50 Fix a copy-paste error - wrong macro used
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:50:22 -04:00
Andrzej Kurek
5603efd525 Improve readability and formatting
Also use a sizeof instead of a constant for zeroization, as
requested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:49:16 -04:00
Xiaokang Qian
5beec4b339 Refine ssl_get_kex_mode_str() for easy automatic generation
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-26 08:23:45 +00:00
Xiaokang Qian
ac8195f4f7 Fix wrongly kex mode fallback issue in psk cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-26 06:31:58 +00:00
Gilles Peskine
5596c74a98
Merge pull request #6140 from Zaya-dyno/validation_remove_change_auth_enc
Validation remove change auth enc
2022-09-23 17:04:31 +02:00
Gilles Peskine
12a1e85caa
Merge pull request #6138 from Zaya-dyno/validation_remove_change_key_agree
Validation remove change key agree
2022-09-23 17:04:20 +02:00
Gilles Peskine
87953f228f
Merge pull request #6091 from Zaya-dyno/validation_remove_change_pk
Validation remove change pk
2022-09-23 17:03:30 +02:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Xiaokang Qian
8939930b82 Rebase and fix some test failures
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
Xiaokang Qian
5001bfc619 Add key exchange mode log in client side
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
XiaokangQian
335cfaadf9 Finalize client side code for psk
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-09-23 01:48:26 +00:00
Jerry Yu
359e65f784 limit session ticket number when resumption
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:43 +08:00
Jerry Yu
f3bdf9dd51 fix various issues
- improve document about configuration item.
- format issue
- variable type issue.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:14 +08:00
Gilles Peskine
07ba2be20b
Merge pull request #6304 from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg
TLS 1.3: PSK: Exclude pre_shared_key for HRR
2022-09-22 10:21:06 +02:00
Manuel Pégourié-Gonnard
1475ac49a4
Merge pull request #6107 from Zaya-dyno/validation_remove_change_hash
Validation remove change hash
2022-09-22 09:24:44 +02:00
Manuel Pégourié-Gonnard
d5c82fb821
Merge pull request #6085 from Zaya-dyno/validation_remove_change_cipher
Validation remove and change in files related to cipher in library
2022-09-22 09:10:13 +02:00
Jerry Yu
b7e3fa7fbd move count decrement after success sent
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
Jerry Yu
d0766eca58 fix various issues
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
Tom Cosgrove
c573882674 Merge remote-tracking branch 'upstream/development' into issue-6015-montgomery-multiplication 2022-09-21 12:08:43 +01:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
Tom Cosgrove
4782823ec3 Ensure we explicitly document the modulus for fixed-width arithmetic
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:51:50 +01:00
Tom Cosgrove
b0b77e1b13 Document and test aliasing of the bignums given to mbedtls_mpi_core_mla()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:33:40 +01:00
Ronald Cron
067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
38391bf9b6 tls13: Do not impose minimum hash size for RSA PSS signatures
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.

We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:29:41 +02:00
Ronald Cron
67ea2543ed tls13: server: Add sig alg checks when selecting best certificate
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
Tom Cosgrove
ea45c1d2d4 Document and test aliasing of output for mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:17:51 +01:00
Jerry Yu
d4e7500a07 Enable multi session tickets on Server
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:24:03 +08:00
Jerry Yu
1ad7ace6b7 Add conf new session tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:22:21 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Andrzej Kurek
7763829c5c Add missing ifdef when calculating operation capacity
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 12:24:52 -04:00
Andrzej Kurek
3c4c514302 Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:24:14 -04:00
Andrzej Kurek
b093650033 Add proper capacity calculation for EC J-PAKE to PMS KDF
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:13:00 -04:00
Andrzej Kurek
702776f7cc Restrict the EC J-PAKE to PMS input type to secret
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 06:22:44 -04:00
Jerry Yu
ad4d2bb3e1 Exclude pre_shared_key for HRR
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 18:16:49 +08:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public.
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:02:48 +02:00
Jerry Yu
6ee726e1ab Replace md translation function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 16:32:27 +08:00
Jerry Yu
a5df584d87 fix build fail for test_psa_crypto_config_accel_hash_use_psa
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 11:28:54 +08:00
Gilles Peskine
ed1c7f4cd7 Include platform.h unconditionally: gcm
gcm.c had a slightly different pattern for the conditional inclusion of
platform.h which didn't fit the general replacement. Simplify it manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00
Gilles Peskine
e9b55929dc Remove useless platform macro redefinitions: automatic part
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.

This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:15 +02:00
Gilles Peskine
a7aa80c058 Include platform.h unconditionally: second automatic part
Some source files included platform.h in a nested conditional. The previous
commit "Include platform.h unconditionally: automatic part" only removed
the outer conditional. This commit removes the inner conditional.

This commit once again replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:10 +02:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Tom Cosgrove
3bd7bc3add Use X rather than A for accumulator-style input (and output!) params, and rename others accordingly
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:55:07 +01:00
Tom Cosgrove
5c0e8104bc Prefer 'fixed-size' to 'known-size' in doc comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:46:10 +01:00
Tom Cosgrove
b7438d1f62 Update name of mbedtls_mpi_montg_init()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:05:59 +01:00
Tom Cosgrove
2701deaa4b Use mbedtls_ct_mpi_uint_mask() rather than rolling our own
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:00:07 +01:00
Tom Cosgrove
818d992cc7 Note that T must not overlap other parameters of mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 14:58:10 +01:00
Przemek Stekiel
dca224628b ssl_tls13_select_sig_alg_to_psa_alg: optimize code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
f937e669bd Guard new code with MBEDTLS_USE_PSA_CRYPTO
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
3c326f9697 Add function to convert sig_alg to psa alg and use it
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
b40f2e81ec TLS 1.3: Take into account key policy while picking a signature algorithm
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:10:19 +02:00
Manuel Pégourié-Gonnard
c42c7e660e Update documentation in legacy_or_psa.h
- Some things that were indicated as in the near future are now done.
- Clarify when these macros are needed and when they're not.
- Prepare to make the header public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-15 11:28:24 +02:00
Manuel Pégourié-Gonnard
1dc37258de Style: wrap a long line
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-15 11:10:26 +02:00
Manuel Pégourié-Gonnard
409a620dea
Merge pull request #6255 from mprse/md_tls13
Driver-only hashes: TLS 1.3
2022-09-15 10:37:46 +02:00
Jerry Yu
0a55cc647c Remove unnecessary var and improve comment
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-15 16:15:06 +08:00
Manuel Pégourié-Gonnard
18dff1f226
Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake
Expose ECJPAKE through the PSA Crypto API
2022-09-15 09:25:55 +02:00
Andrzej Kurek
d60907b85d Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 14:57:51 -04:00
Jerry Yu
f7dad3cfbe fix various issues
- Naming
- format
- Reduce negative tolerance window

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 22:31:39 +08:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:26 -04:00
Ronald Cron
208257b39f
Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
2022-09-14 14:21:46 +02:00
Przemyslaw Stekiel
ab9b9d4669 ssl_tls13_keys.h: use PSA max hash size
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 13:51:07 +02:00
Przemyslaw Stekiel
da6452578f ssl_tls13_generic.c: fix hash buffer sizes (use PSA_HASH_MAX_SIZE)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 12:50:51 +02:00
Neil Armstrong
6a12a7704d Fix typo in comment
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-14 12:17:42 +02:00
Przemyslaw Stekiel
004c2181f0 ssl_misc.h: hash guards adaptations
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 11:00:57 +02:00
Jerry Yu
acff823846 Add negative tolerance window
If `now == session->start` or the timer of
client is faster than server, client age might
be bigger than server.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 14:50:44 +08:00
Jerry Yu
95db17ed5f fix various issues
- improve obfuscated ticket age generator
- improve psk getter

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 10:37:58 +08:00
Przemek Stekiel
0852ef8b96 mbedtls_ssl_reset_transcript_for_hrr: remove redundant 'else' statement
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
9dfbf3a006 ssl_tls13_generic.c: optimize code to save memory
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
153b442cc3 mbedtls_ssl_tls13_sig_alg_is_supported: adapt guards
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
47e3cb1875 ssl_tls13_generic.c: adapt guards for MBEDTLS_SHAxxx_C
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Neil Armstrong
fa84962296 Add comment explaining PSA PAKE vs Mbedtls J-PAKE API matching strategy
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 15:19:56 +02:00
Neil Armstrong
3d4966a5cb Move possible input/output steps check inside PSA_ALG_JPAKE handling
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 15:19:56 +02:00
Neil Armstrong
017db4cdda Drop calls to mbedtls_ecjpake_check()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 15:19:56 +02:00
Neil Armstrong
1d0294f6ed Clarify sequence length calculation comment
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 15:19:56 +02:00
Neil Armstrong
cb679f23bc Replace 0s with proper defines when possible
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 14:43:07 +02:00
Przemek Stekiel
5166954d14 Make more use of MBEDTLS_MAX_HASH_SIZE macro
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 12:57:05 +02:00
Jerry Yu
4746b10c2e fix various issues
- Format issues
- Possible memory leak
- Improve naming and comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 15:37:46 +08:00
Jerry Yu
8d4bbbae4f fix ticket age check issues
- Ticket age and ticket age add, obfuscated age
  use different unit. Align the units to million
  seconds.
- Add maximum ticket age check. Until now,
  ticket_lifetime is not recorded in server side.
  Check it with maximum ticket_lifetime.
- Free session when error found.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 15:37:46 +08:00
Jerry Yu
46bffe0e82 Refine rsumption master secret compute function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 15:09:49 +08:00
Jerry Yu
466dda8553 Rename resumption master secret compute function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 14:28:15 +08:00