yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
17587 commits 1 branch 0 tags 94 MiB
Commit graph

7542 commits

Author SHA1 Message Date
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065 
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
 2021-10-18 17:51:50 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551 
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
 2021-10-18 10:39:21 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0 
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
 2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
4cad4fc8a9 psa_crypto.c: use switch instead if-else in psa_aead_check_nonce_length and psa_aead_set_lengths (fixes #5065) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-13 14:04:36 +02:00
Ronald Cron
e3e16d5d67
Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes 
TLS1.3:add read ptr and handshake kex modes
CI merge job: only "Session resume using tickets, DTLS: openssl client" failed in one component thus CI can be considered as passed.
 2021-10-11 19:23:12 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils 
TLS 1.3: ServerHello: add  utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.
 2021-10-11 11:01:11 +02:00
Jerry Yu
e4eefc716a Improve document for chk_buf_read_ptr 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-09 10:40:40 +08:00
Jerry Yu
fd320e9a6e Replace zeroize with memset 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 21:52:41 +08:00
Jerry Yu
88b756bacb move tls1_3 max md size 
It should be internal definition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 18:41:38 +08:00
Jerry Yu
d1ab262844 define max md size for tls1_3 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 16:19:24 +08:00
Jerry Yu
205fd82f7e fix check_name fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 16:16:24 +08:00
Jerry Yu
ae0b2e2a2f Rename counter_len 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 15:40:14 +08:00
Jerry Yu
dca3d5ddf9 fix document issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:19:29 +08:00
Jerry Yu
0cabad375b fix doxygen parameter wrong 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Jerry Yu
adf861aad4 Address kex_modes check function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Jerry Yu
e15e665cfb fix comments and check return issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Jerry Yu
1b7c4a464c tls13: add key exchange modes in handshake params 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Jerry Yu
34da3727d6 Add check read ptr macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Przemyslaw Stekiel
c0fe820dc9 psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-07 11:08:56 +02:00
Gilles Peskine
023aa11760
Merge pull request #4996 from mprse/mbedtls_cipher_setup_psa_ECB 
Fix test gap: mbedtls_cipher_setup_psa() with ECB
 2021-10-01 14:49:10 +02:00
XiaokangQian
05420b120b TLS1.3: Add useful comments based on RFC8446 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-09-30 06:15:18 +00:00
XiaokangQian
16c61aa738 TLS1.3: Alignment coding styles based on comments 
Fix kinds of alignment issues in fetch handshake messages.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-09-30 02:14:23 +00:00
XiaokangQian
6b226b0874 Add fetch_hand_message in generic 
This function is one common function in generic file, get it from
the encrypted extension and submit one patch independently.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-09-30 02:14:23 +00:00
Ronald Cron
cd51e76583
Merge pull request #4338 from paul-elliott-arm/psa-m-aead 
Implement multipart PSA AEAD
 2021-09-29 22:48:33 +02:00
Paul Elliott
60116aee9e Invert logic on nonce length tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-29 14:40:16 +01:00
Paul Elliott
355f59edbe Fix formatting issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-29 14:40:16 +01:00
Paul Elliott
e716e6c00b Switch cipher enabled macros 
Switch from using MBEDTLS_PSA_BUILTIN_ macros over to using PSA_WANT_
macros, as code was moved from the internal drivers to the PSA Core.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-29 14:40:16 +01:00
Przemyslaw Stekiel
80c6a8e1a6 Add PSA support for MBEDTLS_CIPHER_AES_128_ECB 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-09-29 12:39:21 +02:00
Gilles Peskine
bfe3d87f24
Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info 
Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
 2021-09-29 12:37:09 +02:00
Jerry Yu
d96a5c2d86 Fix wrong usage of counter len macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-29 17:46:51 +08:00
Manuel Pégourié-Gonnard
1869377146
Merge pull request #4942 from yuhaoth/pr/add-tls13-client-dummy-state-handlers 
add tls13 client dummy state handlers and improve dispatch test
 2021-09-29 10:45:16 +02:00
Paul Elliott
baff51c8b7 Make sure nonce length checks use base algorithm 
Nonce length checks are now being used in the oneshot AEAD code as well,
which passes variant algorithms, not the base version, so need to
convert to base if necessary.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 17:47:24 +01:00
Paul Elliott
814f0c5fb1 Remove check for lack of supported ciphers 
Add comment explaining (currently) empty function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 14:42:36 +01:00
Paul Elliott
946c920475 Add safety for nonce length to internal driver 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 14:42:36 +01:00
Jerry Yu
d9a94fe3d0 Add counter length macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 20:10:26 +08:00
Jerry Yu
6ca7c7fd6b Remove useless variables 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 18:51:40 +08:00
Paul Elliott
bb0f9e1740 Move all nonce length checks to PSA Core 
Remove duplicated code from oneshot API

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 11:16:27 +01:00
Paul Elliott
dff6c5d963 Restore internal driver for aead_set_lengths 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 11:16:27 +01:00
Jerry Yu
ad8d0bad10 Keep consistency order. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 17:58:26 +08:00
Jerry Yu
d52398d31f fix double underscore fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 16:13:44 +08:00
Paul Elliott
4ed1ed18d2 Move nonce size checking to PSA Core 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-27 18:24:11 +01:00
Paul Elliott
325d374e3d Move set lengths checking to PSA Core 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-27 18:24:11 +01:00
Paul Elliott
c78833abc7 Add reminder of assumption to documentation 
Key size is not verified by this function, but by the level above it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-27 16:00:40 +01:00
Gilles Peskine
7820a574f1 Catch failures of AES or DES operations 
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-09-27 16:22:08 +02:00
Jerry Yu
148165cc6f Remove psa version of get_handshake_transcript 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
957f0fa1f7 Add length macro for in_ctr 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
e06f4532ef remove useless code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
4836952f9d fix tls1_3 prefix issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
92c1ca221f fix likely typos error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00