Commit graph

5794 commits

Author SHA1 Message Date
Jens Alfke
2d9e359275 Parsing v3 extensions from a CSR
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.

Author: Jens Alfke <jens@couchbase.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:56:55 +01:00
Dave Rodgman
fa96026a0e Move definition of asm out of public header
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
cb0f2c4491 Tidy-up - move asm #define into build_info.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
ecaa7ca507 Add missing supported algorithm to psa/crypto_config.h
The following shell command lists features that seem to be supported, but
are missing from include/psa/crypto_config.h:
```
for x in $(grep -ho -Ew '(PSA_WANT|MBEDTLS_PSA_BUILTIN)_\w+_\w+' library/psa_crypto*.c | sed 's/^MBEDTLS_PSA_BUILTIN/PSA_WANT/' | sort -u); do grep -qw $x include/psa/crypto_config.h || echo $x; done
```
This looks for PSA_WANT_<kind>_<thing> macros that gate a part of the
library, as well as their MBEDTLS_PSA_BUILTIN_<kind>_<thing> counterparts.
This is not necessarily a complete list of identifiers that must appear
in the config file, since a few features are not gated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00
Pengyu Lv
acecf9c95b make ticket_flags param types consistent
When ticket_flags used as parameter, use unsigned int,
instead of uint8_t or mbedtls_ssl_tls13_ticket_flags.Also
remove the definition of mbedtls_ssl_tls13_ticket_flags.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 11:23:24 +08:00
Pengyu Lv
ee455c01ce move ticket_flags debug helpers
The debug helpers printing ticket_flags status are
moved to ssl_tls.c and ssl_debug_helpers.h.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:01 +08:00
Pengyu Lv
189465306d remove MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE error
Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags
are not compatible with advertised key exchange mode.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:00 +08:00
Pengyu Lv
a1aa31b8b1 fix review comments
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:58 +08:00
Pengyu Lv
3eb49be6a8 move kex mode check in ticket_flags to psks_check_identity_match_ticket
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:55 +08:00
Pengyu Lv
5b8dcd2097 Add debug helper to print ticket_flags status
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Valerio Setti
746def5ade x509: renaming of buffer variables in new serial setting function
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
acf12fb744 x509: fix endianness and input data format for x509write_crt_set_serial_new
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23 fix: add missing deprecation guards
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb x509: remove direct dependency from BIGNUM_C
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
b4ffe781ed
Merge pull request #6878 from gilles-peskine-arm/code-style-casts-psa-headers
Don't restyle some PSA macros
2023-01-10 22:09:13 +01:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard
3368724ade
Merge pull request #6870 from valeriosetti/issue6831
Document/test dependencies on ECP & Bignum
2023-01-10 09:25:41 +01:00
Gilles Peskine
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
Valerio Setti
8e45cdd440 fix wrong dependency for X509_TRUSTED_CERTIFICATE_CALLBACK
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-05 09:33:38 +01:00
Valerio Setti
8841d6b2f6 add missing dependency documentation for SSL_ASYNC_PRIVATE
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-05 08:40:24 +01:00
Gilles Peskine
a651607b37 Skip restyling of PSA macros also defined in psa-arch-tests
Some preprocessor macro definitions must have a specific expansion so that
the same macro name can be defined in different products. The definition of
having the same expansion (per the C language specification) means the same
sequence of tokens, and also the same absence/presence of spacing between
tokens.

Two macros are also defined in headers in the PSA Compliance test suite, so
the test suite would fail to build if we changed the definitions. Preserve
those definitions. Technically this is a bug in the test suite, since having
extra spaces (or even a completely different constant expression with the
same value) would still be compliant. Bug reported as
https://github.com/ARM-software/psa-arch-tests/issues/337

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-04 19:55:35 +01:00
Gilles Peskine
45873ceba3 Skip restyling of PSA error code definitions
Some preprocessor macro definitions must have a specific expansion so that
the same macro name can be defined in different products. The definition of
having the same expansion (per the C language specification) means the same
sequence of tokens, and also the same absence/presence of spacing between
tokens.

For PSA error code definitions, the specific expansion is mandated by the
PSA Status code specification and the PSA Crypto API specification. In
particular, there must not be a space between (psa_status_t) and the
numerical value (whereas K&R would put a space).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-04 19:50:27 +01:00
Valerio Setti
a4bb0fabea check_config: add missing dependencies for the build without BIGNUM
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 16:20:43 +01:00
Valerio Setti
18c9fed857 tls: remove dependency from mbedtls_ecp_curve functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:34 +01:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Valerio Setti
e269750f0d sha: fix description for starts functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-23 14:29:54 +01:00
Valerio Setti
d55cb5b3f0 sha: decline MD defines for various SHA
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:26:55 +01:00
Valerio Setti
d10e0a6341 sha: fix minor issues/typos
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:25:26 +01:00
Manuel Pégourié-Gonnard
a6e0291c51 Update documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-21 09:59:33 +01:00
Valerio Setti
e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3
Merge back 3.3.0 3
2022-12-14 19:18:05 +00:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
a3f99591f6 sha: make SHA-224 independent from SHA-256
Using proper configuration options (i.e. MBEDTLS_SHA224_C and
MBEDTLS_SHA256_C) it is now possible to build SHA224 and SHA256
independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:56:54 +01:00
Valerio Setti
43363f5962 sha: make SHA-384 independent from SHA-512
Using proper configuration options (i.e. MBEDTLS_SHA384_C and
MBEDTLS_SHA512_C) it is now possible to build SHA384 and SHA512
independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 08:53:23 +01:00
Manuel Pégourié-Gonnard
2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo
check_names: extend typo check to PSA macro/enum names
2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard
b2812cc274 Clarify documentation of ECP_RESTARTABLE
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard
ad45c4d386 Document that ECP_RESTARTABLE depends on ECP_C
This is not new, it had always been the case, just not documented.

Pointed out by depends.py pkalgs (again, now that restartable is part of
full).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
578664601e Fix missing dependency declaration in test
muladd() (restartable or not) is only available when at least one short
weirstrass curve is enabled.

Found by depends.py curves (now that restartable is part of full).

Also, document that restartable only work for short weierstrass curves
(actually unrelated, but this made me think of that).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
55a188b420 Clarify the "restart vs use PSA" situation in TLS
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
Add code style correction script
2022-12-09 09:41:14 +01:00
Jerry Yu
2e19981e17 tls13: guards transform negotiate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
Dave Rodgman
48223bc19e Bump version to 3.3.0. No changes to .so versions.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-08 14:43:19 +00:00
Valerio Setti
c689ed8633 tls: pake: minor adjustments
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 14:40:38 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
David Horstmann
1b84781184 Disable code style correction in check_config.h
Code style correction currently messes up check_names.py

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 16:09:17 +00:00
Dave Rodgman
92011eef34
Merge pull request #6717 from tom-cosgrove-arm/fix-typos-2212
Fix typos prior to release
2022-12-06 15:00:34 +00:00
Manuel Pégourié-Gonnard
ad27b8074f Declare ECP_RESTARTABLE and USE_PSA compatible
This is only the beginning:
- some test failures in test_suite_pk, test_suite_x509 and ssl-opt.sh
will be fixed in the next few commits;
- then the interactions between those options will be documented and
tested.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-06 11:05:28 +01:00
Manuel Pégourié-Gonnard
2b7ad6472b Document all effects of MBEDTLS_ECP_RESTARTABLE
It might not be obvious that this option goes beyond adding new
functions, but also automagically modifies the behaviour of TLS
in some circumstances. Moreover, the exact modifications and
circumstances were not documented anywhere outside the ChangeLog.

Fix that.

While at it, adjust the test that checks no restartable behaviour with
other key exchanges, to use a key exchange that allows cert-based client
authentication so that we can check that this is not restartable either.

We don't have any automated test checking that the server is never
affected. That would require adding an ec_max_ops command-line option to
ssl_server2 that never has any effect, just to check that it indeed
doesn't. I'm not sure that's worth it. I tested manually and could
confirm that the server never has restartable behaviour, even for the
parts that are shared between client and server such as cert chain
verification.

Note (from re-reading the code): all restartable behaviour is controlled
by the flag ssl->handshake->ecrs_enabled which is only client-side with
the ECDHE-ECDSA key exchange (TLS 1.2).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-06 10:54:35 +01:00
Jerry Yu
12c46bd14f fix various issues
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:02:51 +08:00
Dave Rodgman
dbcbf44d65
Update include/mbedtls/mbedtls_config.h
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-05 11:15:10 +00:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Dave Rodgman
235d1d8519 Improve wording
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:45:02 +00:00
Dave Rodgman
6ebaf7a1f8 Whitespace fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:33:58 +00:00
Dave Rodgman
bc5f03dabc Disable PKCS7 by default; improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:32:23 +00:00
Valerio Setti
e98db0b866 tls: pake: fix description for mbedtls_ssl_set_hs_ecjpake_password_opaque
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 16:52:57 +01:00
Jerry Yu
cc4e007ff6 Add max_early_data_size to mbedtls_ssl_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
16f6853b05 Add max_early_data_size config option
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
Valerio Setti
a9a97dca63 psa_pake: add support for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-28 18:26:16 +01:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7
PKCS7 Parser - RFC 2315
2022-11-25 15:55:46 +01:00
Gilles Peskine
5a34b36bbd Remove more now-redundant definitions of inline
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 13:26:44 +01:00
Hannes Tschofenig
6b6b63f039 Added closing SECTION of doxygen markup
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:19:05 +01:00
Hannes Tschofenig
b2e6615625 Added deprecated warning in check_config.h
Warns about the removal of the legacy DTLS Connection ID feature in a future version of Mbed TLS.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:18:57 +01:00
Hannes Tschofenig
e2c46e0413 Reference to RFC 9146 added
Added deprecated keyword to MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:18:51 +01:00
Hannes Tschofenig
88e5566a9b Changed order of conditions in check_config.h
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:18:38 +01:00
Manuel Pégourié-Gonnard
91f88db019
Merge pull request #6639 from mpg/doc-driver-only-limitation
Document another limitation of driver-only hashes
2022-11-25 09:44:35 +01:00
Bence Szépkúti
ae79fb2c2e Merge branch 'development' into pr3431 2022-11-25 03:12:43 +01:00
Pengyu Lv
3bb0e43b41 fix review comment
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2022-11-24 17:30:29 +08:00
Manuel Pégourié-Gonnard
fecc6b2fe4 Minor tune-up to ChangeLog & documentation
- fix a recurring typo
- use clearer names

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-24 09:40:12 +01:00
Gilles Peskine
6157fee306 Unify defintions of inline for MSVC (and old armcc?)
Having multiple definitions was cumbersome, and meant we might forget the
definition when adding an inline definition to a file that didn't have one
before (as I did when I added an inline definition in common.h).

Resolves #6649.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-23 16:15:21 +01:00
Ronald Cron
4a8c9e2cff tls13: Add definition of mbedtls_ssl_{write,read}_early_data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-23 14:29:37 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Ronald Cron
cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
2022-11-23 12:12:02 +01:00
Ronald Cron
d8603a7b44
Merge pull request #6638 from ronald-cron-arm/tls13-misc
TLS 1.3: Adjustments for the coming release
2022-11-23 09:07:36 +01:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Gilles Peskine
4f19d86e3f
Merge pull request #6608 from mprse/ecjpake_password_fix
Make a copy of the password key in operation object while setting j-pake password
2022-11-22 14:52:12 +01:00
Ronald Cron
da13072c5b tls13: Make ..._RECEIVED_NEW_SESSION_TICKET experimental
We are considering using a callback instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-22 13:21:13 +01:00
Manuel Pégourié-Gonnard
18a3856a03 Document another limitation of driver-only hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-22 11:59:55 +01:00
Ronald Cron
c2e110f445 tls13: Disable MBEDTLS_SSL_EARLY_DATA by default
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-22 09:01:46 +01:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
2022-11-21 19:51:58 +01:00
Jerry Yu
a8d3c5048f Rename new session ticket name for TLS 1.3
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
5ed73ff6de Add NEW_SESSION_TICKET* into handshake over states
All state list after HANDSHAKE_OVER as is_handshakeover

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
0b61217c36 set new_session_ticket_* to handshake_over
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Valerio Setti
aca21b717c tls: psa_pake: enforce not empty passwords
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:20:50 +01:00
Przemek Stekiel
152ae07682 Change password ec j-pake operation fields to more suitable
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 13:24:36 +01:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00
Xiaokang Qian
51c5a8b561 Update ticket flag macros
Define the ALLOW_PSK_RESUMPTION and ALLOW_PSK_EPHEMERAL_RESUMPTION
to the key exchange mode EXCHANGE_MODE_PSK and
EXCHANGE_MODE_PSK_EPHEMERAL to facilate later check.
Since they are 1( 1u<<0 ) and 4( 1u<<2 ), so define
ALLOW_EARLY_DATA to 8( 1u<<3 ).

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 08:32:51 +00:00
Gilles Peskine
6110a16555 Document mbedtls_mpi_uint and mbedtls_mpi_sint
Since they're part of the public API (even if only through a few functions),
they should be documented.

I deliberately skipped documenting how to configure the size of the type.
Right now, MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 have no Doxygen
documentation, so it's ambiguous whether they're part of the public API.
Resolving this ambiguity is out of scope of my current work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 22:56:17 +01:00
Przemek Stekiel
348410f709 Make a copy of the key in operation while setting pake password
Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key.
This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 22:22:07 +01:00
Gilles Peskine
128895775d Document invariants of MPI objects
Note that s must be +1 for zero.

Note that p may be NULL for zero, when n is 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:33:21 +01:00
Xiaokang Qian
2cd5ce0c6b Fix various issues cause rebase to latest code
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 10:33:53 +00:00
Xiaokang Qian
72b9b17e11 Add comments to fix mini format issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 02:51:27 +00:00
Dave Rodgman
d384b64dd2
Merge branch 'development' into rfc9146_2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-14 17:43:15 +00:00
Xiaokang Qian
402bb1ee90 Update documents and check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
de95604f6c Update ticket_flags related macros
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
fe3483f9a1 Update early data doument and config dependencies
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
ae07cd995a Change ticket_flag base on review
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
29ee43c0e1 Update document base on comments
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
097771672d Update early data document and prerequisites check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
f447e8a8d3 Address comments base on reviews
Improve early data indication check
Update test case to gnutls server

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:36 +00:00
Xiaokang Qian
ecc2948f21 Fix format issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
76332816c7 Define the EARLY_DATA_STATUS
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
338f727683 Move EARLY_DATA_OFF/ON guard to ssl_misc.h
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:03 +00:00
Xiaokang Qian
911c0cc4f0 Fix format issues in comments
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Xiaokang Qian
0e97d4d16d Add early data indication to client side
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Dave Rodgman
50e5616553 Fix typo in check_config.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-10 10:07:35 +00:00
Dave Rodgman
f58172fe43 Merge remote-tracking branch 'origin/development' into pr3431 2022-11-10 09:54:49 +00:00
Nick Child
89e82e1685 pkcs7: Add dependecy on MBEDTLS_MD_C
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-11-09 10:36:10 -06:00
Moritz Fischer
ab45425623 include: mbedtls: Add missing private_access header
This adds a missing private access header.

Signed-off-by: Moritz Fischer <moritzf@google.com>
2022-11-08 14:55:32 -08:00
Gilles Peskine
69ae1ee4fe
Merge pull request #6552 from gstrauss/bignum-aliasing
Add comments for some forbidden aliasing in bignum.h interfaces
2022-11-08 17:15:37 +01:00
Gilles Peskine
42d75f2daf
Merge pull request #6013 from gstrauss/asn1-type-free
Shared code to free x509 structs like mbedtls_x509_named_data
2022-11-08 12:20:20 +01:00
Pengyu Lv
c1ecb25d8a fix PSA_XXX typos detected by check_names.py
Fix the PSA_XXX typos detected by check_names.py.
PSA_WANT is actually not typo, but would cause a false negative
result. So PSA_WANT is reworded to PSA_WANT_xxx.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2022-11-08 18:22:53 +08:00
Glenn Strauss
0750d08601 Add comments for some forbidden aliasing in bignum
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-08 02:47:21 -05:00
Glenn Strauss
82ba274c01 Deprecate mbedtls_asn1_free_named_data()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-07 15:42:44 -05:00
Gilles Peskine
faefe62013
Merge pull request #6390 from mpg/fix-ecjpake-psa-format
Fix ecjpake PSA format
2022-11-07 17:35:44 +01:00
Nick Child
3951a4f3ad pkcs7: Use better error codes
Remove an unnecessary debug print (whoops).
Use new error code for when the x509 is expired.
When there are no signers return invalid certificate.

Signed-off-by: Nick Child <nick.child@ibm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-10-31 09:38:42 -05:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277
cert_write - add a way to set extended key usages - rebase
2022-10-31 13:27:49 +00:00
Dave Rodgman
1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey
Improve ECDSA verify validation
2022-10-31 09:37:26 +00:00
Nick Child
bb82ab764f pkcs7: Respond to feeback on parsing logic
After recieving review on the pkcs7 parsing functions, attempt
to use better API's, increase consisitency and use better
documentation. The changes are in response to the following
comments:
 - use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1]
 - make lack of support for authenticatedAttributes more clear [2]
 - increment pointer in pkcs7_get_content_info_type rather than after [3]
 - rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4]

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103

Signed-off-by: Nick Child <nick.child@ibm.com>
2022-10-28 12:28:54 -05:00
Glenn Strauss
a4b4041219 Shared code to free x509 structs
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-28 12:51:35 -04:00
Dave Rodgman
cd7fe3ee14
Merge pull request #6487 from gilles-peskine-arm/legacy_or_psa-internal 2022-10-27 20:21:43 +01:00
Ronald Cron
77e15e8a2c
Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory
Internal and Open CI merge job ran successfully. Good to go.
2022-10-27 10:40:56 +02:00
Gilles Peskine
3a9ebd69c3 Declare legacy_or_psa.h as private
We think we're likely to change these macros. So make them *only* for
internal use, not just "mostly".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-26 18:03:14 +02:00
Gilles Peskine
49540ac529 Move copyright notice out of the Doxygen documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-26 18:02:56 +02:00
Ronald Cron
c9176a03a7
Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2
PSA with RSA requires PK_WRITE and PK_PARSE
2022-10-26 14:57:36 +02:00
Manuel Pégourié-Gonnard
3e0ea98b7c
Merge pull request #6451 from mpg/fix-can-exercise
Fix can_exercise() for RSA and hashes
2022-10-26 10:18:52 +02:00
Xiaokang Qian
72dbfef6e4 Improve coding styles
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-26 06:33:57 +00:00
Xiaokang Qian
4ef4c89af2 Fix CI failure in build_info.h
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-26 02:48:47 +00:00
Xiaokang Qian
65fc0de894 Improve the prerequisites for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 09:08:57 +00:00
Xiaokang Qian
d69d06fffa Improve format issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 06:51:25 +00:00
Xiaokang Qian
95a0730f17 Change prerequisites of MBEDTLS_SSL_EARLY_DATA and add related check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:48 +00:00
Xiaokang Qian
72de95dcf5 Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:25 +00:00
Xiaokang Qian
600804b0e7 Remove useless early data related macros for the time being
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Xiaokang Qian
54413b10c2 Add early data support preparatory work
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Ronald Cron
571f1ff6dc Make sure TLS 1.2 kex macros are undefined in builds without TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674 Add TLS 1.3 key exchange mode config options
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.

These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:41:57 +02:00
Manuel Pégourié-Gonnard
98b91d40d6 RSA PKCS#1 v1.5 no longer depends on MD
This has been the case since
https://github.com/Mbed-TLS/mbedtls/pull/6065 which forgot to update the
documentation, and also is_builtin_calling_md(), so update those.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-19 10:59:30 +02:00
Dave Rodgman
f33da19dfb
Merge pull request #6413 from daverodgman/update_docs_links
Update documentation links
2022-10-14 17:42:48 +01:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
Add LMS implementation
2022-10-14 18:33:01 +02:00
Ronald Cron
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check
Add server name check when proposing pre-share key
2022-10-13 16:00:59 +02:00
Raef Coles
29c490db97
Update LMS calculate_public_key docs
To avoid the word "generate"

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:34 +01:00
Raef Coles
07b70d9196
Correct typo in LMS config check
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:28 +01:00
Raef Coles
1b43a7448d
Clean up LMS and LMOTS feature dependencies
Remove SHA256 dependencies from tests, fix incorrect boolean logic in
check_config, and change depends_hashes.pl to disable LMS in one test

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:26 +01:00
Raef Coles
3c4ae77fec
Improve LMS private context documentation
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:45 +01:00
Raef Coles
285d44b180
Capitalize "Merkle" in LMS and LMOTS code
As it is a proper noun

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:43 +01:00
Raef Coles
9b0daf60fb
Improve LMS private function warning
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:38 +01:00
Raef Coles
370cc43630
Make LMS public key export part of public key api
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:28 +01:00
Raef Coles
be3bdd8240
Rename LMS and LMOTS init/free functions
To match convention

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:18 +01:00
Raef Coles
2ac352a322
Make LMS functions args const where required
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:14 +01:00
Raef Coles
f6ddd51bfd
Sanitize LMS and LMOTS macros
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:13 +01:00
Raef Coles
5127e859d7
Update LMS and LMOTS dependency macros
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:11 +01:00
Raef Coles
56fe20a473
Move MBEDTLS_PRIVATE required defines into lms.h
From lmots.h, as it is a private header

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:10 +01:00
Raef Coles
ab300f15e8
Move public header content from lmots.h to lms.h
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:08 +01:00
Raef Coles
403558c1c9
Fix LMS function documentation
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:57 +01:00
Raef Coles
9b88ee5d5d
Fix LMS and LMOTS coding style violations
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:40 +01:00
Raef Coles
366d67d9af
Shorted LMS and LMOTS line-lengths
To attempt to comply with the 80-char suggestion

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:38 +01:00
Raef Coles
e9479a0264
Update LMS API to support multiple parameter sets
Parameterise macros to allow variation of sizes

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:36 +01:00
Raef Coles
ab4f87413a
Add MBEDTLS_LMS_PRIVATE define
To enable private key operations

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:35 +01:00
Raef Coles
01c71a17b3
Update LMS and LMOTS api
Fix function names and parameters. Move macros to be more private.
Update implementation.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:25 +01:00
Raef Coles
c8f9604d7b
Use PSA hashing for LMS and LMOTS
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:23 +01:00
Raef Coles
7dce69a27a
Make LMOTS a private api
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:22 +01:00
Raef Coles
2ad6e611f0
Update LMS/LMOTS documentation
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:20 +01:00
Raef Coles
0aa18e041f
Note that LMS sign function is for testing only
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:18 +01:00
Raef Coles
c464746d45
Document LMS and LMOTS contexts
And add some comments about the source of their type IDs

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:17 +01:00
Raef Coles
8ff6df538c
Add LMS implementation
Also an LM-OTS implementation as one is required for LMS.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:15 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Dave Rodgman
b319684bca Additional updates to docs links
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-12 16:47:08 +01:00
Xiaokang Qian
baa4764d77 Fix typo issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed3afcd6c3 Fix various typo and macro guards issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
03409290d2 Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
2f9efd3038 Address comments base on review
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:49 +00:00
Xiaokang Qian
bc663a0461 Refine code based on commnets
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname()
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:05:11 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Ronald Cron
78317c832b
Merge pull request #6327 from yuhaoth/pr/tls13-psk-after-session-tickets
TLS 1.3: PSK and NewSessionTicket: Add support for sending PSK and Ticket together.
2022-10-12 12:39:51 +02:00
Gilles Peskine
fcee740b83 Automatically enable PK_PARSE for RSA in PSA
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:15:24 +02:00
Gilles Peskine
fd94304f9d PSA RSA needs pk_write
The PSA crypto code needs mbedtls_pk_write_key_der() and
mbedtls_pk_write_pubkey() when using RSA without drivers. We were already
forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so
also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even
without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:09:12 +02:00
Przemek Stekiel
d61a4d3d1a Fix missing guard and double-space
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-11 09:40:40 +02:00
Przemek Stekiel
52a428b824 Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 11:23:18 +02:00
Jerry Yu
8897c07075 Add server only guards for psk callback
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jan Bruckner
b33f6e5ee2 Fix typo
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-10-06 11:23:49 +02:00
Manuel Pégourié-Gonnard
79617d99ae Fix namespacing issue
This macro is specific to the Mbed TLS implementation and not part of
the public API, so it shouldn't used the PSA_ namespace.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-05 12:55:50 +02:00
Manuel Pégourié-Gonnard
ec7012dbc7 Fix I/O format of PSA EC J-PAKE for compliance
The format used by the mbedtls_ecjpake_xxx() APIs and that defined by
the PSA Crypto PAKE extension are quite different; the former is
tailored to the needs of TLS while the later is quite generic and plain.
Previously we only addressed some part of this impedance mismatch: the
different number of I/O rounds, but failed to address the part where the
legacy API adds some extras (length bytes, ECParameters) that shouldn't
be present in the PSA Crypto version. See comments in the code.

Add some length testing as well; would have caught the issue.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-05 12:52:48 +02:00
Przemek Stekiel
0957e7bfc5 Rmove MBEDTLS_NIST_KW_C dependency from MBEDTLS_SSL_TICKET_C
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 11:39:02 +02:00
Przemek Stekiel
460192ee19 Fix and sync configuration file and configuration verifiation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 08:55:29 +02:00
Nick Child
7dbe8528f3 pkcs7: Import header files with included directory path not relative path
In #include statements, rely on -I paths instead of relative paths.

Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-30 17:28:16 -05:00
Przemek Stekiel
ce5b68c7a3 Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions"
This reverts commit a82290b727.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:18 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Przemek Stekiel
e31ba83675 Use basic symbols instead MBEDTLS_CIPHER_MODE_AEAD in check config
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:44:58 +02:00
Przemek Stekiel
d582a01073 Make MBEDTLS_SSL_CONTEXT_SERIALIZATION dependent on AEAD
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 07:59:01 +02:00
Przemek Stekiel
a82290b727 Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions
Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Andrzej Kurek
e09aff8f5a Add information about ECJPAKE_TO_PMS output size expectations
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:59:31 -04:00
Andrzej Kurek
96b9f23853 Adjust ECJPAKE_TO_PMS macro value
This way the low 8 bits of the identifier indicate that this algorithm is used
with SHA-256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:30:46 -04:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Jerry Yu
ba627bfd0d improve document about session tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-23 09:58:22 +08:00
Jerry Yu
40b4a01388 Improve documents
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:48:38 +08:00
Jerry Yu
f3bdf9dd51 fix various issues
- improve document about configuration item.
- format issue
- variable type issue.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:14 +08:00
Jerry Yu
d0766eca58 fix various issues
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
Manuel Pégourié-Gonnard
b4e28aa2f7 Fix two typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 11:55:00 +02:00
Manuel Pégourié-Gonnard
3c16abebd4 Fix dependencies of KEY_EXCHANGE_ECJPAKE
The EC J-PAKE module the ability to "fall back" to PSA when MD is not
present a few PRs ago, but the dependency of this key exchange on
SHA-256 wasn't updated at the time.

(Note: the crypto primitive doesn't depend on SHA-256, only its use in
the TLS key exchange does.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 10:47:05 +02:00
Jerry Yu
1ad7ace6b7 Add conf new session tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:22:21 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Gilles Peskine
ef843f2b0c MBEDTLS_PLATFORM_VSNPRINTF_ALT requires MBEDTLS_PLATFORM_C
mbedtls_vsnprintf replacement works like mbedtls_snprintf replacement, so
copy the requirements for MBEDTLS_PLATFORM_VSNPRINTF_ALT.

(MBEDTLS_PLATFORM_xxx_MACRO shouldn't require MBEDTLS_PLATFORM_C, but that's
a separate preexisting problem which I do not try address at this time.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-18 14:05:23 +02:00
Nick Child
9512bde5c3 pkcs7: Fix pkcs7 error code values
Mbed TLS uses a two layer system for error codes. The least significant
7 bits should be used to signal low-level module errors. Since PKCS7 is
a high level module, it should leave these bits unassigned. To do this,
the least significant byte of PKCS7 error codes must either be 0x00 or
0x80.

Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-16 09:49:06 -05:00
Andrzej Kurek
3c4c514302 Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:24:14 -04:00
Andrzej Kurek
1fafb1f778 Documentation clarifications for ECJPAKE-to-PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:19:49 -04:00
Manuel Pégourié-Gonnard
1be45825ab Remove useless guard around include
Including a header is harmless, so we can include do it unconditionally.

The condition was wrong, should have been USE_PSA || PROTO_TLS1_3. If we
just fixed to condition, then we would need to make sure things like:

    #define MBEDTLS_TLS1_3_MD_MAX_SIZE         PSA_HASH_MAX_SIZE

are also guarded, which is useless (extra defines are harmless) and
annoying, so just remove the condition altogether.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 13:18:36 +02:00
Manuel Pégourié-Gonnard
138387fc8c Fix some typos, improve wording & formatting
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
72687b76ca Clarify dependencies in mbedtls_config.h
- One module was missing the warning on psa_crypto_init().
- For modules that are affected by USE_PSA_CRYPTO, it makes more sense
to mention that in the warning.
- Attempt to improve the description of the TLS 1.3 situation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
f17f85ef0c Simplify definition of TLS 1.3 MD max size.
Actually this macro is never used in parts that depend on USE_PSA, so
it's always using PSA.

Currently the macro seems a bit redundant, but:
- since it's public we can't remove it;
- and there are plans in the future to make it more precise (actually
the largest hash that matters for TLS 1.3 is SHA-384 now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
e896705c1a Take advantage of legacy_or_psa.h being public
Opportunities for using the macros were spotted using:

    git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'

then manually filtering the results.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public.
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:02:48 +02:00
Gilles Peskine
04e4c19ee3 Document the base state of platform abstraction
It's `#define mbedtls_xxx xxx` unless some option to override `mbedtls_xxx`
is enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00
Manuel Pégourié-Gonnard
409a620dea
Merge pull request #6255 from mprse/md_tls13
Driver-only hashes: TLS 1.3
2022-09-15 10:37:46 +02:00
Manuel Pégourié-Gonnard
18dff1f226
Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake
Expose ECJPAKE through the PSA Crypto API
2022-09-15 09:25:55 +02:00
Nick Child
8ce1b1afc8 pkcs7: Correct various syntatical mistakes
Resond to feedback from the following comments:
 - use correct spacing [1-7]
 - remove unnecessary parenthesis [8]
 - fixup comments [9-11]
 - remove unnecessary init work [12]
 - use var instead of type for sizeof [13]
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953655691
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953661514
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953689929
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953696384
[5] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697558
[6] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697793
[7] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697951
[8] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953699102
[9] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r971223775
[10] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967133905
[11] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967135932
[12] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967151430
[13] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967154159
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-14 15:13:52 -05:00
Andrzej Kurek
d60907b85d Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 14:57:51 -04:00
Przemyslaw Stekiel
67ffab5600 ssl.h: use PSA hash buffer size when PSA is used
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 14:51:14 +02:00
Andrzej Kurek
18f8e8d62c Document the input size restriction for EC J-PAKE to PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:44:34 -04:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:26 -04:00
Przemyslaw Stekiel
034492bd56 ssl.h: Fix hash guards
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 11:09:20 +02:00
Przemek Stekiel
ce0aa58fd9 check_config.h: make TLS1.3 requirements verification more readable
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
8a2f2b0bd6 check_config.h: fix TLS 1.3 requirements (add HKDF_EXTRACT/EXPAND) and comments
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
9408b70513 check_config.h: revert HKDF requirements
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a06787a629 build_info.h: include config_psa.h also when MBEDTLS_PSA_CRYPTO_C
This is done to have PSA_WANT_xxx symbols available in check_config.h when MBEDTLS_PSA_CRYPTO_C.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
cf9d972a9a Fix config for MBEDTLS_SSL_PROTO_TLS1_3
Remove MBEDTLS_HKDF_C as it is not needed since #5838

Reasoning: we need SHA-256 or SHA-384 via PSA because they're used by HKDF which is now always done via PSA. If in addition to that USE_PSA is enabled, then everything is done via PSA so that's enough. Otherwise, we need the software implementation of SHA-256 or SHA-384, plus MD_C because we're using a VIA_MD_OR_PSA_BASED_ON_USE_PSA as discussed above.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a9a8816107 ssl.h: adapt guards for MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Jerry Yu
6cf85a4bb0 update document abourt maximum ticket_age_tolerance
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 14:28:15 +08:00
Neil Armstrong
fb3093a9cb Use PSA_PAKE_ROLE_NONE in PSA_PAKE_OPERATION_INIT macro instead of 0
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-08 14:59:32 +02:00
Neil Armstrong
7cd4eacbd4 Fix typo in mbedtls_ecjpake_write_shared_key() comment
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-08 14:57:55 +02:00
Neil Armstrong
ecb221b1ff Move operation buffer in operation struct and remove dynamic allocation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-08 11:21:07 +02:00
Hannes Tschofenig
fd6cca4448 CID update to RFC 9146
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
2022-09-07 17:15:05 +02:00
Andrzej Kurek
f000471c66 Add missing MD dependency for pkcs5_pbkdf2_hmac
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:07:15 -04:00
Andrzej Kurek
345a92b321 Adjust PKCS5 dependencies in check_config
It's possible to build PKCS5 with PSA instead of MD
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Andrzej Kurek
65bf73ed6a Enable HMAC in config_psa.h regardless of MD availability
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Andrzej Kurek
890e78ae66 Deprecate mbedtls_pkcs5_pbkdf2_hmac
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Andrzej Kurek
dd36c76f09 Provide a version of pkcs5_pbkdf2_hmac without MD usage
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard
97fc247d6a
Merge pull request #6232 from AndrzejKurek/pkcs12-no-md
Remove MD dependency from pkcs12 module
2022-09-02 09:43:13 +02:00
Nick Child
5d881c36ea pkcs7: Change copyright
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-01 19:45:41 -05:00
Nick Child
390e61a47a pkcs7.h: Make pkcs7 fields private
All fields in the mbedtls_pkcs7 struct have been made private with MBEDTLS_PRIVATE.

Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-01 19:45:41 -05:00
Nayna Jain
673a226698 pkcs7: add support for signed data
OpenSSL provides APIs to generate only the signted data
format PKCS7 i.e. without content type OID. This patch
adds support to parse the data correctly even if formatted
only as signed data

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2022-09-01 19:45:41 -05:00