David Horstmann
c7f700c795
Fix incorrect printing of OIDs
...
The first 2 components of an OID are combined together into the same
subidentifier via the formula:
subidentifier = (component1 * 40) + component2
The current code extracts component1 and component2 using division and
modulo as one would expect. However, there is a subtlety in the
specification[1]:
>This packing of the first two object identifier components recognizes
>that only three values are allocated from the root node, and at most
>39 subsequent values from nodes reached by X = 0 and X = 1.
If the root node (component1) is 2, the subsequent node (component2)
may be greater than 38. For example, the following are real OIDs:
* 2.40.0.25, UPU standard S25
* 2.49.0.0.826.0, Met Office
* 2.999, Allocated example OID
This has 2 implications that the current parsing code does not take
account of:
1. The second component may be > 39, so (subidentifier % 40) is not
correct in all circumstances.
2. The first subidentifier (containing the first 2 components) may be
more than one byte long. Currently we assume it is just 1 byte.
Improve parsing code to deal with these cases correctly.
[1] Rec. ITU-T X.690 (02/2021), 8.19.4
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-14 17:00:25 +00:00
Gabor Mezei
0b4b8e3c5e
Update documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-14 16:36:38 +01:00
Dave Rodgman
319a5675db
Merge pull request #7084 from daverodgman/sizemax-uintmax
...
Assume SIZE_MAX >= INT_MAX, UINT_MAX
2023-02-14 10:06:22 +00:00
Ronald Cron
70341c17b7
Merge pull request #6773 from yanrayw/6675-change-early_secrets-to-local
...
TLS 1.3: Key Generation: Change tls13_early_secrets to local variable
2023-02-14 09:03:32 +01:00
Paul Elliott
1748de160a
Fix IAR Warnings
...
IAR was warning that conditional execution could bypass initialisation of
variables, although those same variables were not used uninitialised.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-13 15:35:35 +00:00
Gabor Mezei
a264831cff
Update documentation and add comments
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 16:29:05 +01:00
Andrzej Kurek
7a05fab716
Added the uniformResourceIdentifier subtype for the subjectAltName.
...
Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:03:07 -05:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858
...
driver-only ECDSA: get testing parity in X.509
2023-02-13 15:30:06 +01:00
Valerio Setti
178b5bdddf
pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 11:15:06 +01:00
Jerry Yu
b2783f66b5
fix typo issue
...
The error message is wrong
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-13 18:03:25 +08:00
Dave Rodgman
ab1f3c153a
Merge pull request #7081 from tom-cosgrove-arm/dont-use-lstrlenW
2023-02-10 20:50:07 +00:00
Dave Rodgman
4a5c9ee7f2
Remove redundant SIZE_MAX guards
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:03:44 +00:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev
...
X.509: Fix bug in SAN parsing and enhance negative testing
2023-02-10 15:05:32 +01:00
Dave Rodgman
f691268ee9
Add missing initialisers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
35598adb78
pkcs7: Check that hash algs are in digestAlgorithms
...
Since only a single hash algorithm is currenlty supported, this avoids
having to perform hashing more than once.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
6cfc469296
pkcs7: reject signatures with internal data
...
A CMS signature can have internal data, but mbedTLS does not support
verifying such signatures. Reject them during parsing.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
e373a254c4
pkcs7: do not store content type OIDs
...
They will always be constant.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
55d9df25ef
Simple cleanup
...
No change in behavior.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
4ec8355795
Check for junk after SignedData
...
There must not be any.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
aaf3c0028d
pkcs7: do not store content type OID
...
Since only one content type (signed data) is supported, storing the
content type just wastes memory.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
512818b1d2
pkcs7: check that content lengths fill whole buffer
...
Otherwise invalid data could be accepted.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage
...
Pkcs7 coverage
2023-02-10 12:55:29 +00:00
Tom Cosgrove
b96c309395
Don't use lstrlenW() on Windows
...
The lstrlenW() function isn't available to UWP apps, and isn't necessary, since
when given -1, WideCharToMultiByte() will process the terminating null character
itself (and the length returned by the function includes this character).
Resolves #2994
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-10 12:52:13 +00:00
Ronald Cron
834e65d47f
Merge pull request #6499 from xkqian/tls13_write_end_of_early_data
...
Tls13 write end of early data
2023-02-10 11:08:22 +01:00
Dave Rodgman
78c6f40736
Fix code-style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-09 09:21:14 +00:00
Nick Child
14f255f332
pkcs7: Remove unnecessary dependencies
...
stdio, stdlib and string header files are not
used. Remove them.
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-08 15:38:48 +00:00
Valerio Setti
ce0caa3384
oid: fix comment in #endif
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
f972ce8d69
oid: replace ECDSA_C with new macros for ECDSA capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
80d0798ae8
pk_wrap: use new macros for ECDSA capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:49:17 +01:00
Valerio Setti
5c032b5e1b
pk_wrap: fix comment in ecdsa_verify_wrap
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
b761b15f06
fix code style
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
1337a4f334
pk_wrap: use specific lengths for EC's private key and key-pair
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
5bc52248ef
pk_wrap: fix for DETERMINISTIC_ECDSA case in ecdsa_sign_wrap()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Gilles Peskine
8a6022e948
Clean up header inclusions in pk_wrap.c
...
To better reflect what the code relies on, limit the headers that are
included when MBEDTLS_USE_PSA_CRYPTO is disabled. Also stop including
"pkwrite.h" when it is no longer needed.
Include "mbedlts/platform_util.h" unconditionally. It was only included for
RSA ALT but was also used for MBEDTLS_USE_PSA_CRYPTO (the code worked
because other headers include "mbedtls/platform_util.h").
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 13:39:10 +01:00
Gilles Peskine
13caa94746
Don't use pk_write in ecdsa_sign_wrap with USE_PSA_CRYPTO
...
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_sign_wrap() was calling
mbedtls_pk_write_key_der() to write a private key in SEC1 format, only to
then extract the part that represents the private value which is what
psa_import_key() actually wants. Instead, call an mpi function to directly
get the private key in the desired format.
This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 13:39:10 +01:00
Gilles Peskine
b4a87b07f8
Don't use pk_write in ecdsa_verify_wrap with USE_PSA_CRYPTO
...
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_verify_wrap() was calling
mbedtls_pk_write_pubkey() to write a public key in the form of a
subjectPublicKey, only to then extract the part that represents the EC
point which psa_import_key() actually wants. Instead, call an ecp
function to directly get the public key in the desired format (just the
point).
This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 13:39:10 +01:00
Xiaokang Qian
0de0d863b6
Rebase code to restore reco-delay and fix some style issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 07:41:42 +00:00
Xiaokang Qian
8dc4ce76c7
Fix various coding style and comment issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
6b980011e5
Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
53c4c27d35
Update the comment of ciphersuite check for early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
64bc9bc33d
Add comments to describe the early data behavior-encrypt/rejected...
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
e04afdc44f
Refine the condition of whether re-generate early keys
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
eb31cbc791
Share the hash check code between ticket and external psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
4ef8ba2938
Assign the ciphersuite in finalize_hrr{server_hello}
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
bb883244aa
Remove useless comments of outbound switch
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
02f5e14073
Combine the alert check of selected_id and ciphercuite
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
934ce6f6a9
Rename the finalize_client{server}_hello()
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
ac4c625dea
Add hash check of ciphersuite for ticket psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
6be8290aba
Change to CCS after client hello only if we offer early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
7179f810f1
Restore the empty lines
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
b58462157e
Refine the ciphersuite and select id check for early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
44051f6376
Refine the state change after write client hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
7892b6caad
Refine the comment about generating early secrects in post server hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
bd0ab06d50
Skip CCS once we proposed early data even it is rejected
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
f6d8fd3d6b
Improve the coding style of new lines
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
79f77528f5
Move state change to finalize client hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
3f616c2493
Move selected_identity zero check to post_server_hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
1d8e86ce00
Get hash_alg by mbedtls_psa_translate_md
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
ea28a78384
Revert new field and check ciphersuite match when resume by exist info_id
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
4224244883
Improve coding styles and add comments
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
33ff868dca
Fix various errors
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
43a83f247c
Move the place where call set_outbound_transform to switch handshake key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
907461319a
Fix compile error and warnings
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
f10f474981
Check server selected cipher suite indicating a Hash associated with the PSK
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
592021aceb
Add CCS after client hello in case of early data and comp mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
303f82c5b9
Skip generating early secrets in some cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
b46275c7ec
Add TLS1_3 guard to finalize_write_client_hello() to fix compile issue
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:43 +00:00
Xiaokang Qian
2a674937dd
Pend a illeagal allert when selected_identity isn't 0
...
Handshake should abort will illeagal parameter allert when
receiving early data extentions but the selected_identity
parsed from pre-share key isn't equal to 0.
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:46:48 +00:00
Xiaokang Qian
126929f825
Move early keys generation into mbedtls_ssl_tls13_finalize_write_client_hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:46:45 +00:00
Xiaokang Qian
19d4416a45
Refine code to remove finalize_write_end_of_early_data()
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
7094f66879
Remove useless duplicted mbedtls_ssl_tls13_ticket_get_psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
854db28bb7
Set hs_psk,ciphercuit_info and kex mode when writing pre-share key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
57a138d5c3
Update message log for end of early data test cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
742578ca2c
Remove end_of_early_data_coordinate() to align with exist style
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
bc75bc0c3a
Switch to MBEDTLS_SSL_END_OF_EARLY_DATA as needed
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
c81a15a019
Change the comment format of end_of_early_data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
7ed30e59af
Fix the issue that gnutls server doesn't support packet
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
8804e6d0ac
Put kex_exchange_mode in the guard of TLS13
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
da8402dde6
Switch outbound back to handshake key after end_of_early_data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
bf09376bda
Remove useless prepare_write_end_of_early_data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
df6f52e2b2
Generate early key and switch outbound key to it after write client hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
d05ac5dfce
Add extern apis mbedtls_ticket_get_psk.
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
32af4fbbdb
Set ciphersuite info and kex mode in set_session in re-connection
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
34aab55aa7
Add prepare function to switch transform to early keys
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:58 +00:00
Xiaokang Qian
125afcb060
Add end-of-early-data write
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:58 +00:00
Nick Child
3dafc6c3b3
pkcs7: Drop support for signature in contentInfo of signed data
...
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.
Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
- Demi Marie Obenour <demiobenour@gmail.com>
- Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-07 20:04:52 +00:00
Valerio Setti
5b16e9eabc
pk_wrap: keep ECDSA_C for ECP_RESTARTABLE contexts
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 16:21:36 +01:00
Hanno Becker
dae916b05f
X.509: Add length consistency checks to x509_get_other_name()
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:24:32 -05:00
Hanno Becker
2a15a0c868
X.509: Remove red'n bounds checks and zeroiz'n in OtherName parsing
...
- ASN.1 parsing functions check that length don't exceed buffer bounds,
so checks `p + len > end` are redundant.
- If `p + len == end`, this is erroneous because we expect further fields,
which is automatically caught by the next ASN.1 parsing call.
Hence, the two branches handling `p + len >= end` in x509_get_other_name()
can be removed.
Further, zeroization of the `other_name` structure isn't necessary
because it's not confidential (and it's also not performed on other
error conditions in this function).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:15:27 -05:00
Hanno Becker
ae8f8c435c
Fix X.509 SAN parsing
...
Fixes #2838 . See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:27 -05:00
Jerry Yu
2bb3d8101f
Add en(de)crypt routine
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:53 +08:00
Jerry Yu
e096da1af6
Add inverse key function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:52 +08:00
Jerry Yu
3f2fb71072
Add key expansion for encrypt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:52 +08:00
Jerry Yu
b95c776c43
Add linux runtime detection
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:52 +08:00
Jerry Yu
49231319fd
Add empty aesce files
...
For time being, we only support gcc and clang
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:52 +08:00
Valerio Setti
1cdddacc62
pk_wrap: use proper macros for sign and verify
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
5c593af271
pk_wrap: fix comment on closing #endif
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
24138d9f83
pk_wrap: re-use identical functions for eckey and ecdsa when possible
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
7ca1318256
pk: add new symbol for generic ECDSA capability
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
9e30dd882d
removing a leftover printf from debug
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
ab363d9fe1
pk/pk_wrap: replace ECDSA_C with generic ECDSA capabilities' defines
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Gabor Mezei
63aae68b8f
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-06 16:24:08 +01:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
...
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
Gilles Peskine
80c552556a
Merge pull request #6791 from yanrayw/6675-change-some-key-generation-funcs-to-static
...
TLS 1.3: Key Generation: change some key generation functions to static
2023-02-03 11:56:35 +01:00
Yanray Wang
f206c1493b
Remove duplicate mbedtls_platform_zeroize for tls13_early_secrets
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-03 13:55:47 +08:00
Dave Rodgman
6dd757a8ba
Fix use of sizeof without brackets
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Nick Child
282d50493a
pkcs7: Remove duplicate oid condition
...
MBEDTLS_OID_PKCS7_ENCRYPTED_DATA was listed twice in
the oid conditional. Remove one of them.
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-01 18:32:55 +00:00
Gilles Peskine
24c6f49530
Merge pull request #7005 from tom-cosgrove-arm/fix-doxygen-typos-in-new-bignum
...
Fix typos in doxygen commands in new bignum modules
2023-02-01 19:05:04 +01:00
Gilles Peskine
a193986aab
Merge pull request #6942 from ucko/2023a-bignum
...
mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701 ).
2023-02-01 11:36:25 +01:00
Tom Cosgrove
8a1f784ece
Fix typos in doxygen commands in new bignum modules
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-01 08:43:54 +00:00
Yanray Wang
a12cecbe47
Modify some comments in ssl_tls13_keys.c
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-01 14:29:51 +08:00
Nick Child
3bd17f2f58
pkcs7: Use end_issuer_and_sn where appropriate
...
There were some areas where `end_signer` were being
used when it makes more sense to use `end_issuer_and_sn`,
as pointed out by demiobenour@gmail.com .
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-31 20:42:26 +00:00
Gabor Mezei
2038ce976e
Rename function to follow naming convention
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gabor Mezei
9b290b33e4
Add documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gabor Mezei
deece2bb65
Change the ecp_mod_p192_raw to be testable
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gabor Mezei
b5bba497fe
Extract Secp192r1 from the prototype
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gilles Peskine
f6b9823422
Merge pull request #6979 from daverodgman/const-time-asm-vol
...
Inhibit compiler from optimising out const-time asm
2023-01-31 11:28:45 +01:00
Gilles Peskine
470f10cfc5
Merge pull request #6941 from gabor-mezei-arm/6375_quasi-reduction_function
...
Add function to fix quasi-reduction
2023-01-31 11:25:25 +01:00
Nick Child
ec81709516
pkcs7: Ensure all data in asn1 structure is accounted for
...
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:44:58 +00:00
Gabor Mezei
db1607fa69
Remove unneeded include
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-30 16:27:48 +01:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
...
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Dave Rodgman
4610d4b7a6
Inhibit compiler from optimising out const-time asm
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-30 09:26:48 +00:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
...
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Przemek Stekiel
36ad5e7ab5
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-26 22:30:45 +01:00
Valerio Setti
af4815c6a4
x509: replace/fix name of new function for setting serial
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Janos Follath
803638c023
Merge pull request #6939 from minosgalanakis/bignum/6027_hardcode_montgomery_moduli
...
Bignum: hardcode montgomery moduli
2023-01-25 16:51:11 +00:00
Przemek Stekiel
32e20919ac
Remove redundant check and add comment to inform about processing of empty extensions
...
Netscape Certificate Management System Administrator's Guide: Extension-Specific Policy Modules, Chapter 18: Extension-Specific Policy Modules, Netscape Certificate Type Extension Policy:
> The extension has no default value.
A bitstring with no flags set is still technically valid, as it will mean that the certificate has no designated purpose at the time of creation.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 16:20:25 +01:00
Gabor Mezei
9a66ab180c
Fix missing declarration
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-25 13:23:38 +01:00
Przemek Stekiel
94e21e153f
Skip unsupported extensions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 11:08:32 +01:00
Gilles Peskine
8296eabed6
Merge pull request #6957 from tom-cosgrove-arm/fix-spelling-of-doxygen-return
...
Fix doxygen return parameter spelling
2023-01-24 21:56:45 +01:00
Gilles Peskine
3b8623fe2c
Merge pull request #6903 from Mihir-Raj-Singh/Bignum_rename_mtoN
...
Rename modulus input argument from m to N
2023-01-24 21:48:54 +01:00
Gabor Mezei
627e5b1f91
Only enable fix_quasi_reduction when testing
...
Avoid compiler error due to the fix_quasi_reduction function
is static and has not been used.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-24 18:13:24 +01:00
Przemek Stekiel
a468768000
Dealocate memory for subject alt names
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 15:19:47 +01:00
Przemek Stekiel
86d1946164
Fix error codes returned on failures
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 11:20:10 +01:00
Przemek Stekiel
cf6ff0fb43
Move common functions for crt/csr parsing to x509.c
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
db128f518c
Allow empty ns_cert_type, key_usage while parsing certificates
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
21c37288e5
Adapt function names
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
cbaf3167dd
mbedtls_x509_csr_info: Add parsing code for v3 csr extensions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Jens Alfke
2d9e359275
Parsing v3 extensions from a CSR
...
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.
Author: Jens Alfke <jens@couchbase.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:56:55 +01:00
Gabor Mezei
a24fd06451
Update documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:10:26 +01:00
Gabor Mezei
9073f7dd3b
Remove unneeded check
...
The fix_quasi_reduction function changed to static so checking the
invalid arguments are not needed anymore.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:05:37 +01:00
Gabor Mezei
e81a2b85c9
Change the fix_quasi_reduction function to static
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:58:20 +01:00
Gabor Mezei
aaa1d2a276
Move the quasi reduction fixing function to bignum_mod_raw
...
Rename the function to 'fix_quasi_reduction' to better suite its functionality.
Also changed the name prefix to suite for the new module.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:55:57 +01:00
Tom Cosgrove
37dabd540b
Fix doxygen return parameter spelling
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-01-23 16:57:26 +00:00
Minos Galanakis
8692ec8bc0
pkarse: Added pk_group_id_from_specified()
documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-23 10:33:06 +00:00
Dave Rodgman
7658b63390
Remove volatile from diff; add explanatory comment
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
fa96026a0e
Move definition of asm out of public header
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
7f376fa6fc
Improve documentation
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
b9cd19bc8c
Prevent perf regressions in mbedtls_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
051225d07a
Address potential perf regression
...
Ensure platforms that don't have an assembly implementation for
mbedtls_get_unaligned_volatile_uint32() don't experience a performance
regression.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
36dfc5a237
Improve efficiency of some constant time functions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
cb0f2c4491
Tidy-up - move asm #define into build_info.h
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Minos Galanakis
c8e381ab1c
pkarse: Update pk_group_id_from_specified()
clean-up.
...
This path updates the clean-up logic of to individually
free each of the the group's structure members
rather than invoke `mbedtls_ecp_group_free()`.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:15:11 +00:00
Minos Galanakis
e9fa7a74cd
ecp_curves: Update pre-processor define guards for ecp_mpi_load()
.
...
This patch adjusts the logic, so that the method is included,
when the following components are enabled:
* MBEDTLS_ECP_DP_CURVE448_ENABLED
* MBEDTLS_ECP_DP_CURVE25519_ENABLED
* ECP_LOAD_GROUP
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:12:07 +00:00
Minos Galanakis
d61dbd4df7
ecp_curves: Update mbedtls_ecp_group_free()
.
...
This patch updates the method to not free the `grp->P`
and `grp->N` structure members.
The contents of `P` and `N` are stored in static memory at
`curve448_p/n` and `curve25519p/n` and no longer dynamically
allocated.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:11:55 +00:00
Minos Galanakis
146fed9849
ecp_curves: Hardcode Montgomery const for curve448.
...
This patch adds two embedded constants used by `ecp_use_curve448()`.
The method has been updated to read that into an mpi instead of
calculating it on the fly.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:11:50 +00:00
Minos Galanakis
bececeb0b9
ecp_curves: Hardcod Montgomery const for curve25519
...
This patch adds two embedded constants used by `ecp_use_curve25519()`.
The method has been updated to read that into an mpi instead of
calculating it on the fly.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 11:38:19 +00:00
Gilles Peskine
bb3814c7a8
Reject key agreement chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS
...
The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
used on a shared secret from a key agreement since its input must be
an ECC public key. Reject this properly.
This is tested by test_suite_psa_crypto_op_fail.generated.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:23 +01:00
Aaron M. Ucko
af67d2c1cf
mbedtls_mpi_sub_abs: Skip memcpy when redundant ( #6701 ).
...
In some contexts, the output pointer may equal the first input
pointer, in which case copying is not only superfluous but results in
"Source and destination overlap in memcpy" errors from Valgrind (as I
observed in the context of ecp_double_jac) and a diagnostic message
from TrustInSoft Analyzer (as Pascal Cuoq reported in the context of
other ECP functions called by cert-app with a suitable certificate).
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
2023-01-17 11:52:22 -05:00
Gabor Mezei
c83f792c18
Add documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-17 13:28:06 +01:00
Gabor Mezei
9684d4dc58
Add quasi-reduction function for ecp
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-17 13:16:46 +01:00
Mihir Raj Singh
432cacf5c2
bignum_mod_raw: Renamed m
-> N in mbedtls_mpi_mod_raw_neg()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-17 11:25:26 +05:30
Mihir Raj Singh
b0354c5b71
bignum_mod_raw: Renamed m
-> N in mbedtls_mpi_mod_raw_from_mont_rep()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:11:18 +05:30
Mihir Raj Singh
37ece7292a
bignum_mod_raw: Renamed m
-> N in mbedtls_mpi_mod_raw_to_mont_rep()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:10:40 +05:30
Mihir Raj Singh
01e861ff9e
bignum_mod_raw: Renamed m
-> N in mbedtls_mpi_mod_raw_write()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:10:00 +05:30
Mihir Raj Singh
cd17ff0354
bignum_mod_raw: Renamed m
-> N in mbedtls_mpi_mod_raw_read()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:09:12 +05:30
Mihir Raj Singh
a43290d556
bignum_mod: Renamed m
-> N in mbedtls_mpi_mod_write()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:08:17 +05:30
Mihir Raj Singh
fdc314b6fe
bignum_mod: Renamed m
-> N in mbedtls_mpi_mod_read()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:06:16 +05:30
Mihir Raj Singh
928a07ba49
bignum_mod: Renamed m
-> N in mbedtls_mpi_mod_modulus_free
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:04:37 +05:30
Mihir Raj Singh
f438ad1ab9
bignum_mod: Renamed m
-> N in mbedtls_mpi_mod_modulus_setup()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:03:06 +05:30
Mihir Raj Singh
b6fa940fc4
bignum_mod: Renamed m
-> N in mbedtls_mpi_mod_modulus_init()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:02:04 +05:30
Mihir Raj Singh
b13a58938a
bignum_mod: Renamed m
-> N in mbedtls_mpi_mod_residue_setup()
...
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:01:25 +05:30
Pengyu Lv
9b84ea75de
remove ssl_tls13_has_compat_ticket_flags
...
This content of the function is moved to
ssl_tls13_has_configured_ticket.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 14:08:23 +08:00
Pengyu Lv
e2f1dbf5ae
update docs of ssl_client2 and improve code format
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 12:38:12 +08:00
Pengyu Lv
4938a566bf
refine ticket_flags printing helper
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 11:28:49 +08:00
Pengyu Lv
acecf9c95b
make ticket_flags param types consistent
...
When ticket_flags used as parameter, use unsigned int,
instead of uint8_t or mbedtls_ssl_tls13_ticket_flags.Also
remove the definition of mbedtls_ssl_tls13_ticket_flags.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 11:23:24 +08:00
Pengyu Lv
3643fdbab9
refine the state setting in tls13_handshake_wrapup
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:02 +08:00
Pengyu Lv
ee455c01ce
move ticket_flags debug helpers
...
The debug helpers printing ticket_flags status are
moved to ssl_tls.c and ssl_debug_helpers.h.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:01 +08:00
Pengyu Lv
189465306d
remove MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE error
...
Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags
are not compatible with advertised key exchange mode.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:00 +08:00
Pengyu Lv
80270b2151
rename ticket_flags helper functions to generic ones
...
Ticket flags is quite generic and may make sense in the
future versions of TLS or even in TLS 1.2 with new
extensions. This change remane the ticket_flags helper
functions with more generic `mbedtls_ssl_session` prefix
instead of `mbedtls_ssl_tls13_session`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:59 +08:00
Pengyu Lv
a1aa31b8b1
fix review comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:58 +08:00
Pengyu Lv
1735ba30ea
fix review comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:57 +08:00
Pengyu Lv
9eacb44a5e
improve code format and readability
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:57 +08:00
Pengyu Lv
9356678047
filter the tickets with tls13_kex_mode on client side.
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Pengyu Lv
e6487fe3c2
guard tls13_kex_modes related function calls with macro
...
Handshake parameter field, tls13_kex_mode is only valid when
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED is set.
So, any functions / calls should be guarded by this macros.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:55 +08:00
Pengyu Lv
3eb49be6a8
move kex mode check in ticket_flags to psks_check_identity_match_ticket
...
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:55 +08:00
Pengyu Lv
c7af2c4f8c
tls13: send new session ticket only when client supports psk
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:54 +08:00
Pengyu Lv
c55eeb682d
tls13: check if the session ticket is compatible with key exchange modes
...
The server check if the ticket_flags is compatible with the advertised
key exchange modes in Pre-Shared Key Exchange Modes extension. The
incompatible ticket should be mark as not matched.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:53 +08:00
Pengyu Lv
9f92695c8d
tls13: set key exchange mode in ticket_flags on client/server
...
Set the ticket_flags when:
- server: preparing NST (new session ticket) message
- client: postprocessing NST message
Clear the ticket_flags when:
- server: preparing NST message
- client: parsing NST message
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:53 +08:00
Pengyu Lv
b7d50acb37
tls13: add helpers to manipulate ticket_flags
...
Add helper functions to get/set/clear ticket_flags.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Pengyu Lv
5b8dcd2097
Add debug helper to print ticket_flags status
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Valerio Setti
856cec45eb
test: x509: add more tests for checking certificate serial
...
- added 2 new certificates: 1 for testing a serial which is full lenght
and another one for a serial which starts with 0x80
- added also proper Makefile and openssl configuration file to generate
these 2 new certificates
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
4752aac11d
x509: enhancement and fixes
...
- enhance mbedtls_x509write_crt_set_serial(): avoid use of useless
temporary buffer
- fix mbedtls_x509write_crt_der(): add an extra 0x00 byte at the
beginning of serial if the MSb of serial is 1, as required from
ASN.1
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
746def5ade
x509: renaming of buffer variables in new serial setting function
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
acf12fb744
x509: fix endianness and input data format for x509write_crt_set_serial_new
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23
fix: add missing deprecation guards
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb
x509: remove direct dependency from BIGNUM_C
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Yanray Wang
ef5ec8f5ba
Rename static functions in ssl_tls13_keys.c
...
As some static functions are only used inside ssl_tls13_keys.c,
the prefix mbedtls_ should be removed. Furthermore, code format is
also maintained to fix code style.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 15:11:03 +08:00
Yanray Wang
0540211078
Enhancement: change some functions to static in ssl_tls13_keys.c
...
Since some functions are only used in ssl_tls13_keys.c not by any
other modules, those functions are changed to static.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:54:26 +08:00
Yanray Wang
16c895dff3
TLS1.3: zeroize tls13_early_secrets after its lifetime
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:27:06 +08:00
Yanray Wang
bae9e74d39
Enhancement: change tls13_early_secrets to local variable
...
Since tls13_early_secrets is only temperately used in the function,
there is no need to keep it in the handshake context.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:27:06 +08:00
Gilles Peskine
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
03e99cf14d
Remove redundant error code definitions
...
We're including psa/crypto_values.h, which defines the necessary error
codes. Remove redundant definitions, which hurt because they need to be
styled in exactly the same way (same presence/absence of spaces between
tokens).
This completes the fix of https://github.com/Mbed-TLS/mbedtls/issues/6875 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 11:15:18 +01:00
Ronald Cron
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail
...
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
2023-01-11 09:05:36 +01:00
Gilles Peskine
0770efe4e1
Merge pull request #6888 from daverodgman/iar-bignum-warning
...
Fix IAR warning
2023-01-10 22:08:37 +01:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
...
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
Jerry Yu
3e60cada5d
Improve comment and changlog
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-10 14:58:08 +08:00
Valerio Setti
a0b97bc803
fix wrong type in debug message
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 19:10:32 +01:00
Valerio Setti
1e868ccbac
fix several typos and extra blank spaces
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 17:59:46 +01:00
Valerio Setti
2b5d3ded1f
remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 11:04:52 +01:00
Jerry Yu
bdb936b7a5
Workaround anti replay fail of GnuTLS
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 20:19:55 +08:00
Glenn Strauss
14db51224e
Fix IAR warning
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-06 14:20:14 +00:00
Gilles Peskine
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
...
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
David Horstmann
bec95320ba
Don't restyle end of file
...
Move the *INDENT-ON* annotation to the end of the file so that
uncrustify does not restyle the later sections (since it introduces a
risk of future problems).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-05 09:50:47 +00:00
David Horstmann
cb3b6ae580
Disable code style correction for bignum assembly
...
The inline assembly defined in bn_mul.h confuses code style parsing,
causing code style correction to fail. Disable code style correction for
the whole section gated by "#if defined(MBEDTLS_HAVE_ASM)" to prevent
this.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-04 17:50:08 +00:00
Valerio Setti
67419f0e11
tls: fix + save code size when DEBUG_C is not enabled
...
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 17:36:00 +01:00
Valerio Setti
40d9ca907b
tls: remove useless legacy function
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 16:08:04 +01:00
Valerio Setti
18c9fed857
tls: remove dependency from mbedtls_ecp_curve functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:34 +01:00
David Horstmann
e3d8f31ba1
Workaround Uncrustify parsing of "asm"
...
The following code:
#ifndef asm
#define asm __asm
#endif
causes Uncrustify to stop correcting the rest of the file. This may be
due to parsing the "asm" keyword in the definition.
Work around this by wrapping the idiom in an *INDENT-OFF* comment
wherever it appears.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-03 11:07:09 +00:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
...
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Janos Follath
b4b0bb737d
Merge pull request #5907 from mpg/use-psa-rsa-pss
...
Use PSA more often in `pk_verify_ext()`
2022-12-30 12:33:50 +00:00
Gilles Peskine
b402e4bde1
Merge pull request #6595 from mfischer/lms_heap
...
lms: Move merkle tree generation to heap allocation
2022-12-23 18:29:04 +01:00
Valerio Setti
326cf46764
test: improved readability in sha self tests
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-23 14:57:18 +01:00
Manuel Pégourié-Gonnard
676766ff77
Merge pull request #6776 from gabor-mezei-arm/6222_bignum_mod_mul
...
Bignum: Implement fixed width modular multiplication
2022-12-23 10:39:30 +01:00
Manuel Pégourié-Gonnard
2fcb4c1d06
Merge pull request #6747 from gilles-peskine-arm/bignum-mod-random
...
Bignum mod random
2022-12-23 10:36:22 +01:00
Valerio Setti
543d00ef6f
sha: remove SHA1 from ssl_cookie
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:27:34 +01:00
Manuel Pégourié-Gonnard
2510dd41bf
Merge pull request #6282 from gstrauss/sw_derive_y
...
mbedtls_ecp_point_read_binary from compressed fmt
2022-12-22 10:20:31 +01:00
Manuel Pégourié-Gonnard
4dacf58d6d
Take advantage of now-public macro in pk.c
...
Used to be private, hence the duplication, but that's been fixed in the
meantime, I guess we just missed this occurrence.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-21 09:50:17 +01:00
Manuel Pégourié-Gonnard
6958355a51
Use PSA Crypto more often in pk_verify_ext()
...
See https://github.com/Mbed-TLS/mbedtls/issues/5277 - strategy 1.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-21 09:49:57 +01:00
Gilles Peskine
e1d8326e90
Fix representation of mod-random output
...
mbedtls_mpi_mod_raw_random() and mbedtls_mpi_mod_random() were producing
output in the Montgomery representation, instead of obeying the
representation chosen in the modulus structure. Fix this.
Duplicate the test cases for mod-random output to have separate test cases
for each representation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 20:28:02 +01:00
Gilles Peskine
e655479528
Generalize representation handling in mbedtls_mpi_mod_read
...
Call mbedtls_mpi_mod_raw_canonical_to_modulus_rep instead of assuming that
anything that isn't MBEDTLS_MPI_MOD_REP_MONTGOMERY is canonical.
mbedtls_mpi_mod_write should get the same treatment, but I'm holding off
until https://github.com/Mbed-TLS/mbedtls/issues/6679 is done.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 19:55:51 +01:00
Gilles Peskine
eb2e77f617
Document modulus representation selectors
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 19:55:51 +01:00
Gilles Peskine
1e2a4d4089
Functions to convert raw residues to/from the modulus representation
...
Test cases will be generated automatically by a subsequent commit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 19:55:51 +01:00
Gabor Mezei
496cd37bac
Use equality checking for NULL value
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-20 17:30:20 +01:00
Gabor Mezei
2840884c35
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-20 17:30:19 +01:00
Gabor Mezei
6a31b7252d
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-20 17:30:19 +01:00
Gabor Mezei
9db81e9cca
Add mod_mul function
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-20 17:30:13 +01:00
Glenn Strauss
efde9d58de
remove duplicated consecutive preproc directives
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-20 04:20:12 -05:00
Manuel Pégourié-Gonnard
8b6d14be8b
Extract common code for computing X^3 + AX + B
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-20 04:17:03 -05:00
Glenn Strauss
452416121d
move mbedtls_ecp_sw_derive_y after MPI_ECP_ macros
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-19 21:25:27 -05:00
Glenn Strauss
fcabc28cfc
use MPI_ECP_* macros in mbedtls_ecp_sw_derive_y()
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-19 21:24:50 -05:00
Gilles Peskine
e162b4725c
Merge pull request #6777 from tom-cosgrove-arm/issue-6292-mod_inv
...
Bignum: Implement high level fixed width modular inversion
2022-12-17 13:26:02 +01:00
Gilles Peskine
cf86d70162
Merge pull request #6742 from gabor-mezei-arm/6022_bignum_mod_raw_mul
...
Bignum: Implement fixed width raw modular multiplication
2022-12-17 13:25:43 +01:00
Tom Cosgrove
f723754f6d
Fix typos
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-16 16:10:36 +00:00
Glenn Strauss
cbfd5e9db7
comment
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-16 11:03:41 -05:00
Glenn Strauss
369bfb94c5
comments and whitespace
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-16 10:49:04 -05:00
Gabor Mezei
210ea63d8b
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-16 16:35:24 +01:00
Valerio Setti
e7221a21ad
test: adjust depends.py to new SHA224/SHA384 changes
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
Tom Cosgrove
342d00bc22
Oops, use mbedtls_free() not plain free()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-16 11:02:06 +00:00
Gilles Peskine
b1eea02f74
Implement and test mbedtls_mpi_mod_random
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Gilles Peskine
a57cf9813a
Implement and test mbedtls_mpi_mod_raw_random
...
In the basic/XXX=core test cases, use odd upper bounds, because the mod
version of random() only supports odd upper bounds (the upper bound is a
modulus and the mod modules only support odd moduli).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Manuel Pégourié-Gonnard
057b458583
Merge pull request #6766 from wernerlewis/bignum_mod_docs
...
Bignum: document conventions for bignum mod and mod_raw
2022-12-16 09:58:36 +01:00
Manuel Pégourié-Gonnard
5bf8629b2c
Merge pull request #6303 from gilles-peskine-arm/bignum-core-random
...
Bignum: Implement mbedtls_mpi_core_random
2022-12-16 09:58:07 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
...
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Werner Lewis
6bb49ba121
Document const parameter conventions
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 17:04:43 +00:00
Tom Cosgrove
b38c2ed3d9
Fix double space between words
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
d692ba4248
Note that (as usual) for mbedtls_mpi_mod_inv() residues must be associated with the modulus
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
a9e0f95903
Split mbedtls_mpi_mod_inv() into separate functions for mont/non-mont form
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
4302d02fa8
Add mbedtls_mpi_mod_inv()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
786848b5c5
Add low-level Montgomery conversion functions to bignum_core
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
28ff92cc3a
Add an explicit mbedtls_mpi_core_montmul_working_limbs() function
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
30f3b4d601
Add mbedtls_mpi_core_check_zero_ct() and tests
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
e9ffb6c8e9
Fix mbedtls_platform_zeroize() call in mbedtls_mpi_mod_modulus_free()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Werner Lewis
756a34aadc
Use lower case for p and r
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 14:53:43 +00:00
Werner Lewis
0f644f48e9
Add output initialization requirement
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 14:13:32 +00:00
Gilles Peskine
6b7ce968d2
Clarify some comments
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-15 15:04:33 +01:00
Gabor Mezei
95b754dfac
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-15 15:04:20 +01:00
Gabor Mezei
979d34ca7d
Add mod_raw_mul function
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-15 15:04:20 +01:00
Werner Lewis
214ae64349
Replace \p with \c for non-parameter code typeset
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:36:07 +00:00
Werner Lewis
1d89ebf548
Clarify all functions operate modulo N
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:35:41 +00:00
Werner Lewis
a306886b3a
Add modulus to parameter ordering
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:35:41 +00:00
Werner Lewis
2e70b9afef
Reword bignum sizes section
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:35:41 +00:00
Werner Lewis
2bd263da1e
Fix grammar and spelling
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:35:40 +00:00
Werner Lewis
945a165a3c
Clarify output requirements
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:22:27 +00:00
Werner Lewis
eac8be76d6
Remove unnecessary type comment
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:22:17 +00:00
Werner Lewis
e1eb75dc99
Specify modulus constraints
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 12:27:56 +00:00
Manuel Pégourié-Gonnard
50faa55e4d
Merge pull request #6732 from wernerlewis/bignum_6019_mod_add
...
Bignum: Implement mbedtls_mpi_mod_add()
2022-12-15 11:39:24 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3
...
Merge back 3.3.0 3
2022-12-14 19:18:05 +00:00
Dave Rodgman
ebef3562c3
Revert "Add generated files"
...
This reverts commit c18d932705
.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-14 19:14:00 +00:00
Dave Rodgman
e90ed7d249
Bump versions for libmbedcrypto and libmbedtls
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-14 17:04:00 +00:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
...
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
a3f99591f6
sha: make SHA-224 independent from SHA-256
...
Using proper configuration options (i.e. MBEDTLS_SHA224_C and
MBEDTLS_SHA256_C) it is now possible to build SHA224 and SHA256
independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:56:54 +01:00
Manuel Pégourié-Gonnard
4064a82802
Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake
...
Refactor cookie members of handshake
2022-12-14 10:55:34 +01:00
Valerio Setti
898e7a3afe
test: sha: test SHA384 and SHA512 separately
...
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:50:54 +01:00
Werner Lewis
eed01aabd3
Clarify wording in documentation
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-14 09:44:00 +00:00
Valerio Setti
43363f5962
sha: make SHA-384 independent from SHA-512
...
Using proper configuration options (i.e. MBEDTLS_SHA384_C and
MBEDTLS_SHA512_C) it is now possible to build SHA384 and SHA512
independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 08:53:23 +01:00
Manuel Pégourié-Gonnard
2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo
...
check_names: extend typo check to PSA macro/enum names
2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard
48232ed2c1
Merge pull request #6743 from minosgalanakis/bignum/implement_modular_negation
...
Bignum: Implement fixed width modular negation
2022-12-13 09:54:38 +01:00
Bence Szépkúti
f7641544ea
Correct the fix for the PKCS 7 memory leak
...
This corrects an issue in the origina fix in
4f01121f6e
.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-12-12 21:59:03 +01:00
Dave Rodgman
8a05c069a5
Merge pull request #6751 from ZachFleck42/development
...
Fix typo in `library/entropy.c`
2022-12-12 16:30:54 +00:00
Werner Lewis
5e9d2e9019
Add conventions for bignum mod and mod_raw
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-12 14:00:25 +00:00
Manuel Pégourié-Gonnard
a9ac61203b
Merge pull request #6666 from daverodgman/fast_unaligned
...
Fast unaligned memory access macros
2022-12-12 12:18:17 +01:00
Minos Galanakis
5e8443e6ef
mbedtls_mpi_mod_raw_neg: Updated documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-12-12 11:13:56 +00:00
Minos Galanakis
21fe8bdeac
bignum_mod_raw: Added modular negation.
...
This patch adds the `mpi_mod_raw_neg()` method.
Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Co-authored-by: Minos Galanakis <minos.galanakis@arm.com>
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-12-12 11:13:56 +00:00
Valerio Setti
016f682796
tls: pake: small code refactoring for password setting functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-09 14:17:50 +01:00
Tom Cosgrove
5f09930017
Clarify use of temporary in mbedtls_mpi_mod_raw_inv_prime()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-09 10:58:15 +00:00
Dave Rodgman
c18d932705
Add generated files
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-09 09:44:10 +00:00
Manuel Pégourié-Gonnard
df0c73c308
Readability improvement in pk_wrap.c
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard
79ae7eb4d1
Use deterministic ECDSA in PSA when we do in legacy
...
This fixes the two failing cases in test_suite_pk when ECP_RESTARTABLE
and USE_PSA_CRYPTO are both enabled. The two failing cases where
ECDSA restartable sign/verify: ECDSA, max_ops=0 (disabled)
ECDSA restartable sign/verify: ECKEY, max_ops=0 (disabled)
associated with test function pk_sign_verify_restart(). The failure was
caused by the interaction of several things that are each reasonable on
their own:
1. The test function relies on ECDSA restartable, which is reasonable as it
allows making sure that the generated signature is correct with a simple
memcmp().
2. The implementation of pk_sign_restartable() has a shortcut to
dispatch to the sign function (as opposed to sign_restartable) when
restart is disabled (max_ops == 0).
3. When USE_PSA is enabled, the sign function dispatches to PSA, which
so far always used ECDSA (non-deterministic) even when the non-PSA
version would use deterministic ECDSA.
This could be fixed by changing any of those. I chose (3) because I
think it makes sense that when PK dispatches to PSA instead of legacy
this should not change which version of ECDSA is selected.
OTOH, I think it makes sense to keep (2), because that means more
opportunities to dispatch to PSA.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:07:19 +01:00
Jerry Yu
0c2a738c23
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
Jerry Yu
141bbe7bee
tls13: Adjust include files
...
- remove duplicate and unused included
- Adjust the order to system, mbedtls global, local.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
Jerry Yu
ddda050604
tls13: Upstream various fix in prototype
...
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
Jerry Yu
2e19981e17
tls13: guards transform negotiate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
Valerio Setti
eb3f788b03
tls: pake: do not destroy password key in TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 18:42:58 +01:00
Dave Rodgman
48223bc19e
Bump version to 3.3.0. No changes to .so versions.
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-08 14:43:19 +00:00
Dave Rodgman
a5b2c52885
Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.3.0rc0-pr
2022-12-08 14:10:59 +00:00
Zachary Fleckenstein
73defe4da0
Fix typo in library/entropy.c
...
Signed-off-by: Zachary Fleckenstein <ZachFleck42@Gmail.com>
2022-12-08 07:28:29 -05:00
Tom Cosgrove
6129268fee
Bignum: Implement mbedtls_mpi_mod_raw_inv_prime() and tests
...
Fixes #6023 .
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-08 09:44:10 +00:00
Tom Cosgrove
a7f0d7b029
mbedtls_mpi_core_exp_mod() ouuput may alias input A
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-08 08:46:28 +00:00
Valerio Setti
ae7fe7ee53
tls: pake: avoid useless psa_pake_abort in setting opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 17:36:59 +01:00
Valerio Setti
70d1fa538a
tls: pake: fix missing return values check
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:20:27 +01:00
Valerio Setti
c689ed8633
tls: pake: minor adjustments
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 14:40:38 +01:00
Dave Rodgman
90af1a10ab
Merge pull request #6734 from daverodgman/fix_test_dep_spelling
...
Fix spelling of test dependency
2022-12-07 09:06:29 +00:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
...
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
Janos Follath
d45924d862
Merge pull request #6733 from tom-cosgrove-arm/issue-6293-mod_exp-memory
...
Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory
2022-12-07 08:32:31 +00:00
Janos Follath
1d26d976e8
Merge pull request #6731 from tom-cosgrove-arm/issue-6293-mod_exp
...
Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form
2022-12-07 08:31:49 +00:00
Dave Rodgman
556e8a3219
Fix additional mis-spelling
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-06 16:31:25 +00:00
Dave Rodgman
92011eef34
Merge pull request #6717 from tom-cosgrove-arm/fix-typos-2212
...
Fix typos prior to release
2022-12-06 15:00:34 +00:00
Tom Cosgrove
0a0ddedfb7
Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory
...
Last PR needed for #6293
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-06 14:37:18 +00:00
Werner Lewis
e1b6b7c0ac
Implement mbedtls_mpi_mod_add()
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-06 11:55:32 +00:00
Tom Cosgrove
ecda186893
Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-06 10:46:30 +00:00
Jerry Yu
6ee56aa18f
Add default values for conf->*early_data*
...
- early_data default to disable
- max_early_data_size default to built-in value
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 18:00:47 +08:00
Jerry Yu
39da9857df
remove limitation of max_early_data_size
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 16:58:36 +08:00
Jerry Yu
12c46bd14f
fix various issues
...
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:02:51 +08:00
Tom Cosgrove
ed4f59eec3
Fix another typo where 'PSK' was 'PKS'
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-05 12:07:50 +00:00
Jerry Yu
e01304f6d8
fix type conversion issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:46 +08:00
Jerry Yu
ac5ca5a0ea
Refactor cookie members of handshake struct
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:45 +08:00
Dave Rodgman
acbb6dc364
Merge remote-tracking branch 'origin/development' into merge-dev
2022-12-05 10:59:23 +00:00
Tom Cosgrove
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Valerio Setti
757f359474
tls: pake: do not destroy key on errors while setting opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 11:07:11 +01:00
Gilles Peskine
70375b2028
Move mbedtls_mpi_core_random to the proper source file
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:26 +01:00
Gilles Peskine
78cf3bbf22
Bignum core: break mbedtls_mpi_core_random out of mbedtls_mpi_random
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:45:45 +01:00
Gilles Peskine
4a8c5cdfbf
Bignum core: random: prototype
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:44:07 +01:00
Gilles Peskine
26be89b3f6
Bignum core: random: prepare to break out the core function
...
Shuffle things around a bit inside mbedtls_mpi_random() in preparation for
breaking out mbedtls_mpi_core_random().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:06:43 +01:00
Gilles Peskine
8a32a75aa2
mbedtls_mpi_random: avoid local allocation
...
Rewrite the minimum bound comparison to avoid a local allocation. This costs
a bit of code size, but saves RAM. This is in preparation for moving the
bulk of the function to the bignum_core module where allocation is not
permitted.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:06:43 +01:00
Gilles Peskine
6f949ea67b
New constant-flow function mbedtls_mpi_core_uint_le_mpi
...
Compare a single-limb MPI with a multi-limb MPI. This is rather ad hoc, but
will be useful for mbedtls_mpi_core_random.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:06:43 +01:00
Jerry Yu
cc4e007ff6
Add max_early_data_size to mbedtls_ssl_config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Tom Cosgrove
62b20488f1
Implement mbedtls_mpi_mod_sub()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-01 14:27:37 +00:00
Valerio Setti
0944329036
tls: pake: add check for empty passwords in mbedtls_ssl_set_hs_ecjpake_password()
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:06:09 +01:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement
...
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
2022-12-01 11:40:52 +00:00
Dave Rodgman
2dae4b3ef6
Support armcc builtin byteswap routine
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-30 15:18:39 +00:00
Dave Rodgman
2d0f27d0fc
Make use of optimised bswap from ARIA
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-30 12:16:21 +00:00
Ronald Cron
7df787c019
Merge pull request #6538 from yuhaoth/pr/tls13-add-early-data-transform-computation
2022-11-30 09:56:00 +01:00
Gilles Peskine
edaa17b350
Merge pull request #6547 from yanesca/extract_mod_exp_from_prototype
...
Bignum: Extract mod exp from prototype
2022-11-29 21:40:07 +01:00
Aditya Deshpande
b6bc7524f9
Minor formatting fixes to address code review comments
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-29 16:53:29 +00:00
Manuel Pégourié-Gonnard
0b9b560770
Merge pull request #6601 from valeriosetti/issue6502
...
Avoid assumptions about implementation in EC J-PAKE tests
2022-11-29 11:21:23 +01:00
Manuel Pégourié-Gonnard
f9720cfa78
Merge pull request #6670 from gilles-peskine-arm/pkcs7-use-after-free-20221127
...
PKCS7: Fix some memory management errors
2022-11-29 11:17:27 +01:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
...
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
Jerry Yu
aec08b3f42
fix various format issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-29 15:19:27 +08:00
Janos Follath
97915c8685
Merge pull request #6619 from minosgalanakis/bignum/add_high_lv_IO_methods
...
Bignum: Adding High level I/O methods
2022-11-28 17:27:48 +00:00