Commit graph

10629 commits

Author SHA1 Message Date
Dave Rodgman
51b62ef23d
Merge pull request #7228 from tom-cosgrove-arm/fix-alignment.h-on-32-bit-systems
Fix mbedtls_bswap64() on 32-bit systems
2023-03-08 17:19:29 +00:00
Manuel Pégourié-Gonnard
913d9bb921
Merge pull request #7162 from valeriosetti/issue7055
Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto
2023-03-08 17:07:19 +01:00
Valerio Setti
75fba32cb3 ssl: use new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861
driver-only ECDSA: add ssl-opt.sh testing with testing parity
2023-03-08 16:45:38 +01:00
Gabor Mezei
d1f16b937e
Add documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 15:26:32 +01:00
Tom Cosgrove
6ef9bb3d74 Implement and use MBEDTLS_STATIC_ASSERT()
Fixes #3693

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 14:19:51 +00:00
Tom Cosgrove
bbe166e721 Fix mbedtls_bswap64() on 32-bit systems
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 13:23:24 +00:00
Gabor Mezei
716447ff32
Fix limb size calculation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:51 +01:00
Gabor Mezei
ed1acf642c
Apply naming conventions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:50 +01:00
Gabor Mezei
5221c04b92
Change the p256_raw fuction to be testable
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:50 +01:00
Gabor Mezei
ab6ac91a0a
Extract Secp256r1 from the prototype
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:50 +01:00
Tom Cosgrove
c15a2b949d Update the text about gcc5 support for Armv8 CE
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 12:55:48 +00:00
Valerio Setti
733de595e3 psa_crypto_rsa: remove PK_WRITE_C in psa_rsa_export_key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
73a218513b psa_crypto_rsa: add comment/explanation for residual PK_WRITE_C guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Przemek Stekiel
691e91adac Further pake code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-08 09:54:00 +01:00
Gilles Peskine
a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors
Unify PSA to Mbed TLS error translation
2023-03-07 19:55:44 +01:00
Gilles Peskine
12e3c8e019
Merge pull request #7168 from mpg/use-md
Use MD (not low-level hash interface) in X.509 and TLS
2023-03-07 19:55:12 +01:00
Valerio Setti
2f1d967643 ssl: fix included pk header file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-07 18:14:34 +01:00
Tom Cosgrove
503d71769c Enable explicit_bzero() on OpenBSD
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-07 12:51:11 +00:00
Tom Cosgrove
5c8505f061 Fix typos
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-07 11:39:52 +00:00
Janos Follath
fe780a3c4b
Merge pull request #7184 from gabor-mezei-arm/6349_Secp224r1_fast_reduction
Extract Secp224r1 fast reduction from the prototype
2023-03-07 10:57:58 +00:00
Przemek Stekiel
57580f2539 Use proper enum types for pake state/sequence/step
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Przemek Stekiel
4dc83d40af Add check for pake operation buffer overflow
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:00 +01:00
Pengyu Lv
7b6299b49b ssl_cache: Add an interface to remove cache entry by session id
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-07 15:00:22 +08:00
Przemek Stekiel
e3ef3a15cd Further pake code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-06 17:24:32 +01:00
Gabor Mezei
97803abd2a
Update comment
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-06 16:32:16 +01:00
Manuel Pégourié-Gonnard
947cee18a1 Fix memory leak.
The function reset_checksum() can be called more than once with the same
handshake context (this happens with DTLS clients, and perhaps in other
cases as well). When that happens, we need to free the old MD contexts
before setting them up again.

Note: the PSA path was already doing the right thing by calling abort,
we just needed to do the same on the MD path.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-06 11:59:59 +01:00
Manuel Pégourié-Gonnard
228a30d16c
Merge pull request #7120 from mpg/md-light
Define "MD light" subset of MD
2023-03-06 11:02:19 +01:00
Dave Rodgman
4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform
Use platform-provided secure zeroization
2023-03-06 09:16:12 +00:00
Dave Rodgman
b0d96a23a9 Remove not-needed EABI exclusion
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 17:06:09 +00:00
Dave Rodgman
45cef61fa4
Merge branch 'development' into md-light
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 14:28:13 +00:00
Andrzej Kurek
270b3f9790 Rename error_pair_t to mbedtls_error_pair_t
Required by our coding standards.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:54:13 -05:00
Andrzej Kurek
daf5b56b02 Translate to MD errors in ssl-tls.c
With the introduction of #7047, ssl_tls.c uses 
mbedtls_md_error_from_psa. This complicates
the dependencies for compiling in psa_to_md_errors,
since now these should be ifdeffed also by
MBEDTLS_USE_PSA_CRYPTO followed by a series of or'ed
MBEDTLS_HAS_ALG_SHA_XXX_VIA_MD_OR_PSA_BASED_ON_USE_PSA.
Since this mechanism will be removed soon, we can simplify it to
just MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:52:28 -05:00
Andrzej Kurek
747ab4ea5e Introduce error_pair_t to psa utils
This way error handling can be written in a cleaner way.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:45 -05:00
Andrzej Kurek
138b30ac62 Add missing const qualifiers
Also improve documentation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:45 -05:00
Andrzej Kurek
ba24138e0f Duplicate error logic in pk_wrap deprecated functions
GCC 4.6+ complains if a deprecated function calls another.
Working around this universally would require a lot of
preprocessing, this seems to be an easier solution.
Copy mbedtls_pk_error_from_psa code without duplicates
instead of calling the function.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:45 -05:00
Andrzej Kurek
8a045ce5e6 Unify PSA to Mbed TLS error translation
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:44 -05:00
Gilles Peskine
6def41b146
Merge pull request #6932 from yuhaoth/pr/fix-arm64-host-build-and-illegal_instrucion-fail
Replace CPU modifier check with file scope target cpu modifiers
2023-03-02 15:36:41 +01:00
Dave Rodgman
528bfa640c Whitespace fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-02 13:54:43 +00:00
Gabor Mezei
aeadc2d731
Apply naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-01 16:53:03 +01:00
Dave Rodgman
6d6a720603 Protect against possible macro redefinition warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-01 15:09:40 +00:00
Paul Elliott
d1cddff71a
Merge pull request #7189 from daverodgman/armcc-fix
Fix macro redefinition warning from armclang
2023-03-01 11:59:26 +00:00
Gilles Peskine
802ff1b116
Merge pull request #7147 from paul-elliott-arm/interruptible_sign_hash_codestyle_drivers
Remove driver entry points for psa_{get|set}_max_ops()
2023-03-01 10:46:09 +01:00
Dave Rodgman
914c632646 Whitespace
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-01 09:30:14 +00:00
Gabor Mezei
620f0dc850
Fix for 32-bit
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-28 18:42:33 +01:00
Gabor Mezei
08a94953e1
Apply naming convention for p224
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-28 18:40:57 +01:00
Dave Rodgman
e47899df20 Fix macro redefinition warning from armcc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-28 17:39:03 +00:00
Gilles Peskine
7e677fa2c5
Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite
Remove pkwrite dependency in pk using PSA for ECDSA
2023-02-28 18:17:16 +01:00
Gilles Peskine
b52b788e55
Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension
Add AES with armv8 crypto extension
2023-02-28 18:16:37 +01:00
Paul Elliott
6a459f5de5
Merge pull request #7143 from paul-elliott-arm/interruptible_sign_hash_codestyle_wipeout
Update psa_wipe_output_buffer() and change name to psa_wipe_tag_output_buffer()
2023-02-28 15:34:06 +00:00
Jerry Yu
608e1093de Improve comment about conflicts between aesce and sha512-crypto
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-28 12:50:00 +08:00
Paul Elliott
15d7d43904 Pacify Clang 15
Changes for interruptible {sign|verify} hash were not merged at the time of the
previous clang 15 /retval fixes, thus this fixes code added at that time.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-27 17:25:57 +00:00
Gabor Mezei
5afb80e00a
Fix coding style issues
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 17:00:34 +01:00
Gabor Mezei
804cfd32ea
Follow the naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 16:50:09 +01:00
Gabor Mezei
bf506361c4
Revert the illustration and remove unnecessary code
This reverts commit 73e8553273.
Removes the second round of carry reduction from p224.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 16:37:32 +01:00
Gabor Mezei
73e8553273
Add comments to illustrate the second round of carry reduction is unnecessary
The first round of carry reduction can not generate a carry thus the
secound round is not needed. The comments illustrating when the
carry is 1. The reduction is simmetric so the case when the carry is
-1 is similar.
The illustration is trying to calculate the input value starting with
setting the carry to 1 before the second round of the carry reduction.
It calculates backwords and tries to determine the value range of
each word. It ends up with a contradiction that A10 must have the
value of 0 and UINT32_MAX.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 16:32:42 +01:00
Gabor Mezei
a835d20cde
Add documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 15:58:30 +01:00
Paul Elliott
ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name
Add parsing of x509 RFC822 name + test
2023-02-27 14:16:13 +00:00
Jerry Yu
fc2e128fc9 Fix grammar issues and remove useless code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-27 11:16:56 +08:00
Paul Elliott
7118d17df1 Pacify code style checker
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-26 16:57:05 +00:00
Dave Rodgman
096e72959b Fix case of include header for mingw
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 17:17:35 +00:00
Dave Rodgman
f5e531a87b Fix code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 17:17:15 +00:00
Dave Rodgman
703f805f09 Improve explicit_bzero detection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 15:19:52 +00:00
Dave Rodgman
fe57a2e008 Remove newlib detection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 14:16:34 +00:00
Dave Rodgman
82f3de55b2 tidy up brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 14:08:22 +00:00
Dave Rodgman
828ec905db Improve explicit_bzero detection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 13:32:26 +00:00
Dave Rodgman
f0a0e43053 explicit_bzero is not available on arm-none-eabi
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 19:01:48 +00:00
Dave Rodgman
a6fda16a41 Fix re-definition of __STDC_WANT_LIB_EXT1__
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 19:00:38 +00:00
Dave Rodgman
8a7d26f12c Typo fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 18:19:24 +00:00
Paul Elliott
dc42ca8a7e Use psa_wipe_tag_buffer() for MAC and aead code.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 18:11:59 +00:00
Dave Rodgman
8b6eded03d
Tidy-up comment
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 18:07:05 +00:00
Paul Elliott
7bc24cc512 Fix typos in documentation.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 18:04:16 +00:00
Dave Rodgman
4daca63734 Documentation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 17:43:00 +00:00
Dave Rodgman
f55182d2bf Use platform-provided secure zeroization call
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 17:42:43 +00:00
Dave Rodgman
f68402565a Add corresponding fix for mbedtls_ssl_write
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 15:57:30 +00:00
ashesman
937d6d5eab Update library/ssl_msg.c
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 15:57:14 +00:00
Ashley Duncan
358f94a71c Fixed undefined behavior in ssl_read if buf parameter is NULL.
Signed-off-by: Ashley Duncan <ashes.man@gmail.com>
2023-02-24 15:53:07 +00:00
Paul Elliott
a16ce9f601 Remove driver entry points for {get|set}_max_ops().
Move the global variable to the PSA layer, and just set that when calling PSA
level functions.

Move the internal ecp set to before each ecp call.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 14:44:18 +00:00
Manuel Pégourié-Gonnard
02d55d5825 Rename some local variables
The name sha512 might have made sense when it was an
mbedtls_sha512_context, but now it's weird to see things like

    mbedtls_md_setup(&sha512, ...MBEDTLS_MD_SHA384...);

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 13:31:33 +01:00
Manuel Pégourié-Gonnard
f057ecfedf Use MD not low-level sha256/512 in TLS
Same reasoning as in previous commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 13:30:55 +01:00
Manuel Pégourié-Gonnard
2cd751465c Use MD, not low-level SHA1, in X.509
X.509 already depends on MD_C || USE_PSA_CRYPTO, and this is for the
!USE_PSA_CRYPTO branch, so we're free to use MD.

This change supports our ability to use MBEDTLS_MD_CAN_xxx macros
everywhere in the future, once they have been introduced.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 12:37:07 +01:00
Manuel Pégourié-Gonnard
0ac71c0d92 Make debug statement more portable
There's little reason for accessing the hash implementation's internal
state, its output contains most of the same information.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 12:13:55 +01:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty
Pacify Clang 15 about empty \retval
2023-02-24 09:10:53 +00:00
Przemek Stekiel
d93de32267 Move to computation stage only on successfull setup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-24 08:39:49 +01:00
Jerry Yu
ba1e78f1c2 fix code style and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-24 11:18:16 +08:00
Manuel Pégourié-Gonnard
1e57abd3ec Group MD_LIGHT and MD_C parts of md.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 20:45:26 +01:00
Przemek Stekiel
083745e097 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-23 17:28:23 +01:00
Manuel Pégourié-Gonnard
0d4152186d Make MBEDTLS_MD_LIGHT private for now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 13:02:13 +01:00
Manuel Pégourié-Gonnard
f78a10052c
Merge pull request #7047 from mpg/tls-hash-errors
Handle errors from hash functions in TLS code
2023-02-23 08:49:55 +01:00
Valerio Setti
1ad9ef2132 ssl: use new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-23 08:15:09 +01:00
Jerry Yu
947bf969e0 Improve readability of expansion size
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-23 11:07:57 +08:00
Jerry Yu
fac5a54f8a fix code style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-23 10:13:40 +08:00
Paul Elliott
59200a22aa Improve psa_wipe_output_buffer
Change name and document to ensure suitability only for "tags" is explicit. Add
support for output size of zero in PSA_SUCCESS case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-22 14:15:31 +00:00
Janos Follath
406b9172ad
Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup
Bignum: Add named moduli setup
2023-02-22 12:14:33 +00:00
Przemek Stekiel
5eff1033b6 Remove redundant checks for jpake alg
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
ce131bf5c5 PAKE driver: fix password releasing
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
80a8849903 Adapt conditional compilation flags for jpake alg
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
a54dc69fe0 mbedtls_psa_pake_setup: move driver password and alg init to the common part
Also in the core part change stage to computation after return from psa_driver_wrapper_pake_setup() regardless of the result. At this point driver context is active even if init has failed.

Additionally handle deallocation of password on failure in mbedtls_psa_pake_setup(). The plan was to handle deallocation on core level by calling abort on failure.
Unfortunately in this case when mbedtls_psa_pake_setup() fails with an unsupported result the built-in implementation is executed (if available) and it will reallocate the password leading to the memory leak.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
6b64862ef7 Documentation fixes and code adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00