mbedtls

Author	SHA1	Message	Date
Ronald Cron	de08cf3543	tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED instead. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	73fe8df922	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to guard TLS code (both 1.2 and 1.3) specific to handshakes involving PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	e68ab4f55e	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to guard TLS code (both TLS 1.2 and 1.3) specific to handshakes involving certificates. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	41a443a68d	tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard code specific to one of the TLS 1.3 key exchange mode with PSK. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	928cbd34e7	tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard code specific to the TLS 1.3 ephemeral key exchange mode. Use it also for the dependencies of TLS 1.3 only tests relying on ephemeral key exchange mode, but for tests in tls13-kex-modes.sh where the change is done later using all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Gilles Peskine	abc6fbb8d7	Fix brief description Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-21 18:36:31 +02:00
Ronald Cron	d29e13eb1b	tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	2a87e9bf83	tls: Align set and usage check for PSK Check that the identity length is not zero in ssl_conf_set_psk_identity() as it is done in mbedtls_ssl_conf_has_static_psk(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	fa1e04a7c4	tls13: keys: Fix PSK build only case When deriving the handshake stage master secret, in the case of a PSK only build, the only possible key exchange mode is PSK and there is no ephemeral key exchange shared secret in that case. Thus do not error out in that case in the first phae of the derivation dedicated to the shared secret. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	9a6a49c7cb	tls13: keys: Fail if the group type is not ECDHE or DHE Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	b15d4d8966	tls13: keys: Fix error code Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	3b056202d3	tls13: keys: Do not use `handshake->premaster` `handshake->premaster` was used to store the (EC)DHE shared secret but in TLS 1.3 there is no need to store it in a context. Futhermore, `handshake->premaster` and more specifically its sizing is TLS 1.2 specific thus better to not use it in TLS 1.3. Allocate a buffer to store the shared secret instead. Allocation instead of a stack buffer as the maintenance of the size of such buffer is harder (new elliptic curve for ECDHE, support for FFDHE ... ). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	4c7edb2b9b	tls13: keys: Fix indentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	831fee68c3	tls13: keys: Avoid input buffer copy In mbedtls_ssl_tls13_evolve_secret() avoid to copy the input buffer into a local buffer as the copy is avoidable. This also fixes a potential overflow as the size of the local buffer was not checked when copying into it. With the current calls to mbedtls_ssl_tls13_evolve_secret() no buffer overflow was expected to happen though. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Manuel Pégourié-Gonnard	45c6792faf	Merge pull request #6385 from AndrzejKurek/depends-py-reloaded Unified tests/scripts/depends.py - reloaded	2022-10-21 10:17:58 +02:00
Gilles Peskine	c279b2fa4a	Move mbedtls_mpi_core_shift_r to the proper source file Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-20 11:40:15 +02:00
Gilles Peskine	6641420951	Bignum core: Break shift_r function out of the classic shift_r This commit contains the function prototype for mbedtls_mpi_core_shift_r, and the implementation minimally modified from mbedtls_mpi_shift_r. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-20 11:40:15 +02:00
Gilles Peskine	4281ae0bd2	Merge pull request #6373 from gilles-peskine-arm/bignum-core-conventions Spell out bignum core conventions	2022-10-19 15:53:33 +02:00
Gilles Peskine	db2996357c	Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum Bignum: Add safe conditional assign and swap for the new MPI types	2022-10-19 15:51:19 +02:00
Andrzej Kurek	9387b7b34e	Add a temporary solution to create a seedfile This caused problems if a config with SHA512 was compiled after a config without it and the seedfile did not contain enough data. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	c610e7402e	Formatting & unnecessary (void) fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	ecb630925f	Fix constant name in ssl_tls13_keys Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	e5a5cc1944	Remove the dependency of tls1_3 key evolution tests on curve25519 Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	eabeb30c65	Fix SHA512 vs SHA384 dependencies When building SHA512 without SHA384, there are some code paths that resulted in unused variables or usage of undefined code. This commit fixes that. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	c19fb08dd3	Add missing ECDH dependency in tls 1.3 client Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	68327748d3	Add missing dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	46a987367c	Formatting fix Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	084334c8f2	Compile constant time masking and hmac if there are suites using MAC This is used in TLS 1.2 authentication with NULL cipher, when there are no TLS_CBC suites. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	2d59dbc032	Use TLS prf only if TLS 1.2 is compiled in Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	894edde991	Add tls prf handling when there's no SHA256 or SHA384 Return a null prf function pointer and check for it when populating transform. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	252283f2aa	Fix missing cipher mode dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
David Horstmann	078250eb56	Fix incorrect return style Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-18 18:11:13 +01:00
David Horstmann	178ec96c89	Remove unnecessary NULL assignments Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-18 18:09:30 +01:00
David Horstmann	11307a1933	Clarify wording on allocation Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-17 18:10:23 +01:00
Gilles Peskine	8874cd570e	Merge pull request #4826 from RcColes/development Add LMS implementation	2022-10-14 18:33:01 +02:00
Gilles Peskine	dcd1717f5f	Forbid aliasing outputs Aliasing between two outputs is hardly ever useful. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-14 17:15:21 +02:00
Gabor Mezei	4086de667d	Fix documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-14 16:29:42 +02:00
Manuel Pégourié-Gonnard	b3c30907d6	Merge pull request #6383 from mprse/aead_driver_test Enable testing of AEAD drivers with libtestdriver1	2022-10-14 11:11:01 +02:00
Raef Coles	1951259a10	Update how lms.c imports platform.h Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 16:47:13 +01:00
Ronald Cron	49e4184812	Merge pull request #6299 from xkqian/tls13_add_servername_check Add server name check when proposing pre-share key	2022-10-13 16:00:59 +02:00
Raef Coles	cbd02adc6e	Simplify LMS context freeing Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:32 +01:00
Raef Coles	45c4ff93c9	Fix windows requiring explicit cast in LMS calloc Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:14 +01:00
Raef Coles	142e577c34	Add extra zeroization to LMS and LMOTS Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:03 +01:00
Raef Coles	9fc303a99a	Add extra LMOTS import negative tests And fix failures that are related to the new tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:01 +01:00
Raef Coles	4829459c90	Validate LMOTS sig length before parsing type Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:47 +01:00
Raef Coles	285d44b180	Capitalize "Merkle" in LMS and LMOTS code As it is a proper noun Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:43 +01:00
Raef Coles	faf59babe8	Make LMS verification return VERIFY_FAILED more To align with PSA error code rules on when VERIFY_FAILED is returned vs INVALID_ARGUMENT Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:42 +01:00
Raef Coles	fbd60ec775	Change LMS and LMOTS init functions to use memset Instead of zeroize Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:40 +01:00
Raef Coles	9b0daf60fb	Improve LMS private function warning Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:38 +01:00
Raef Coles	f6cb5a4826	Fix LMS return statements having incorrect style Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:35 +01:00
Raef Coles	75b4c7790e	Fix LMS internal function documentation Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:34 +01:00
Raef Coles	d48f7e90bb	Allocate LMS C_RANDOM_VALUE as hash size Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:32 +01:00
Raef Coles	1fb2f32ef5	Check LMS offsets are sane at runtime Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:31 +01:00
Raef Coles	e34e3c0e59	Remove unneeded cast in LMS calloc Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:30 +01:00
Raef Coles	370cc43630	Make LMS public key export part of public key api Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:28 +01:00
Raef Coles	e89488debf	Fix bug in LMS public key loading To avoid using the type before it is parsed from the signature Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:27 +01:00
Raef Coles	3f6cdd7aab	Fix LMS not checking RNG function return value Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:24 +01:00
Raef Coles	02cf8234b4	Fix ots sig length check in LMS validate function Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:22 +01:00
Raef Coles	f36874a535	Fix error type of lms_import_public_key Was returning an incorrect error when bad public key sizes were input Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:21 +01:00
Raef Coles	dc8fb79e09	Simplify LMS private key generation error handling Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:20 +01:00
Raef Coles	be3bdd8240	Rename LMS and LMOTS init/free functions To match convention Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:18 +01:00
Raef Coles	29117d2e4e	Update LMS PSA error conversion Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:17 +01:00
Raef Coles	be0c2f9183	Update LMS local variable allocation To use a default failure value, and to avoid a call to psa_hash_operation_init() Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:15 +01:00
Raef Coles	2ac352a322	Make LMS functions args const where required Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:14 +01:00
Raef Coles	5127e859d7	Update LMS and LMOTS dependency macros Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:11 +01:00
Raef Coles	56fe20a473	Move MBEDTLS_PRIVATE required defines into lms.h From lmots.h, as it is a private header Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:10 +01:00
Raef Coles	ab300f15e8	Move public header content from lmots.h to lms.h Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:08 +01:00
Raef Coles	0b7da1b787	Fix overflow in LMS context init Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:03 +01:00
Raef Coles	57d5328ad5	Remove MBEDTLS_LM(OT)S prefix from internal macros Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:00 +01:00
Raef Coles	ad05425ab7	Update naming of internal LMS functions To comply with the mbedtls_ requirement Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:59 +01:00
Raef Coles	40158e11fc	Add LMOTS test hook to header Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:58 +01:00
Raef Coles	3982040232	Fix LMS zeroization using wrong sizeof type Causing a buffer write out of bounds Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:55 +01:00
Raef Coles	98d6e22050	Remove doxygen markup from internal LMS functions Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:54 +01:00
Raef Coles	40f184c83e	Cast LMS allocation sizes to size_t To prevent implict casting errors on 64-bit platforms Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:52 +01:00
Raef Coles	1310ecb389	Update LMOTS function documentation To avoid CI failure Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:51 +01:00
Raef Coles	9c9027b1a4	Add extra LMS and LMOTS tests NULL-message and LMOTS signature leak tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:50 +01:00
Raef Coles	fa24f9d6ea	Minor fixes to LMS and LMOTS macros Update some names, use the correct macro in certain places. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:48 +01:00
Raef Coles	0a967ccf9a	Document LMS and LMOTS internal functions Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:47 +01:00
Raef Coles	8738a49d0c	Fix iterator types in LMOTS Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:45 +01:00
Raef Coles	e0a17610d1	Fix LMS/LMOTS if-statement style Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:41 +01:00
Raef Coles	9b88ee5d5d	Fix LMS and LMOTS coding style violations Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:40 +01:00
Raef Coles	366d67d9af	Shorted LMS and LMOTS line-lengths To attempt to comply with the 80-char suggestion Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:38 +01:00
Raef Coles	e9479a0264	Update LMS API to support multiple parameter sets Parameterise macros to allow variation of sizes Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:36 +01:00
Raef Coles	ab4f87413a	Add MBEDTLS_LMS_PRIVATE define To enable private key operations Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:35 +01:00
Raef Coles	ebd35b5b80	Rename LMS internal tree-manipulation functions Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:31 +01:00
Raef Coles	891c613f31	Update LMOTS signature use of temporary variables Document them properly, and move random value to a temporary variable Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:29 +01:00
Raef Coles	0c88d4e447	Remove superfluous casts in LMS and LMOTS Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:28 +01:00
Raef Coles	f5632d3efc	Remove MBEDTLS_PRIVATE usage from LMS and LMOTS Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:27 +01:00
Raef Coles	01c71a17b3	Update LMS and LMOTS api Fix function names and parameters. Move macros to be more private. Update implementation. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:25 +01:00
Raef Coles	c8f9604d7b	Use PSA hashing for LMS and LMOTS Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:23 +01:00
Raef Coles	7dce69a27a	Make LMOTS a private api Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:22 +01:00
Raef Coles	8ff6df538c	Add LMS implementation Also an LM-OTS implementation as one is required for LMS. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:15 +01:00
Manuel Pégourié-Gonnard	02f82bbfa9	Fix MSVC warning Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-13 13:32:02 +02:00
Manuel Pégourié-Gonnard	f155ab9a91	Abort on errors when we should We're not strictly required to abort, but at least to leave the context is an invalid state. For "late" functions like input() and output(), calling abort() is the easiest way to do that. Do it systematically for input() and output() by using a wrapper. psa_pake_get_implicit_key() was already doing it. For "early" function, we can just leave the operation in its current state which is already invalid. Restore previous tests about that. Not adding systematic tests, though, just test the two functions that are the most important, and more likely to return errors. Since we now abort in more cases, we need to make sure we don't invalidate the operation that's going to be re-used later in the test. For that reason, use a copy of the operation for calls to input() and output() that are expected to return errors. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-13 13:20:31 +02:00
Gilles Peskine	0fe6631486	Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 Include platform.h unconditionally	2022-10-13 10:19:22 +02:00
Xiaokang Qian	28af501cae	Fix the ticket_lifetime equal to 0 issue Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-13 08:18:19 +00:00
Xiaokang Qian	126bf8e4d7	Address some comments Delete reference immediately after shallow copy Fix format issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-13 02:57:15 +00:00
Xiaokang Qian	997669aeeb	Fix heap use-after-free corruption issue Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 14:30:27 +00:00
Xiaokang Qian	307a7303fd	Rebase and replace session_negotiate Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:14:32 +00:00
Xiaokang Qian	baa4764d77	Fix typo issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	8730644da1	Move ticket and hostname set code just after shallow-copy Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	ed3afcd6c3	Fix various typo and macro guards issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	ed0620cb13	Refine code base on comments Move code to proper macro guards protection Fix typo issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	03409290d2	Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	d7adc374d3	Refine the server name compare logic Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	a3b451f950	Adress kinds of comments base on review Rename function name to mbedtls_ssl_session_set_hostname Add two extra check cases for server name Fix some coding styles Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	2f9efd3038	Address comments base on review Change function name to ssl_session_set_hostname() Remove hostname_len Change hostname to c_string Update test cases to multi session tickets Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:49 +00:00
Xiaokang Qian	bc663a0461	Refine code based on commnets Change code layout Change hostname_len type to size_t Fix various issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:01 +00:00
Xiaokang Qian	adf84a4a8c	Remove public api mbedtls_ssl_reset_hostname() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:05:11 +00:00
Xiaokang Qian	be98f96de2	Remove useless hostname check in server side Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:44 +00:00
Xiaokang Qian	6af2a6da74	Fix session save-load overflow issue Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:44 +00:00
Xiaokang Qian	ecd7528c7f	Address some comments Hostname_len has at least one byte Change structure serialized_session_tls13 Fix various issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:44 +00:00
Xiaokang Qian	281fd1bdd8	Add server name check when proposeing pre-share key Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:41 +00:00
Gilles Peskine	8fd3254cfc	Merge pull request #6374 from mprse/enc_types Test TLS 1.2 builds with each encryption type	2022-10-12 12:45:50 +02:00
Jerry Yu	c79742303d	Remove unnecessary empty line and fix format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 21:22:33 +08:00
Jerry Yu	22c18c1432	Add NULL check in prepare hello `session_negotiate` is used directly in `ssl_prepare_client_hello` without NULL check. Add the check in the beggining to avoid segment fault. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 18:07:19 +08:00
Jerry Yu	c2bfaf00d9	fix wrong typo Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 18:07:19 +08:00
Jerry Yu	4f77ecf409	disable session resumption when ticket expired Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 22:10:08 +08:00
Jerry Yu	03aa174d7c	Improve test message and title Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 21:48:37 +08:00
Jerry Yu	6916e70521	fix various issues - adjust guards. Remove duplicate guards and adjust format. - Return success at function end. Not `ret` - change input len Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 21:33:51 +08:00
Jerry Yu	21092062f3	Restrict cipher suite validation to TLS1.3 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 21:21:31 +08:00
Gabor Mezei	d7edb1d225	Initialize variable Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-10 14:32:09 +02:00
Gabor Mezei	e9c013c222	Handle if parameters are alised Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-10 14:26:57 +02:00
Przemek Stekiel	88ade84735	psa_aead_setup: remove redundant tag length check Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-08 17:56:18 +02:00
Przemek Stekiel	6ab50762e0	psa_aead_setup: validate tag length before calling driver setup Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-08 17:54:30 +02:00
Jerry Yu	a99cbfa2d3	fix various issues - rename function and variable - change signature of `ssl_tls13_has_configured_psk` - remove unnecessary statements - remove unnecessary local variables - wrong variable initial value - improve output message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:35:47 +08:00
Jerry Yu	40afab61a8	Add ciphersuite check in set_session Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:35:43 +08:00
Jerry Yu	21f9095fa8	Revert "move ciphersuite validation to set_session" This reverts commit `19ae6f62c7`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:35:34 +08:00
Jerry Yu	379b91a393	add ticket age check Remove ticket if it is expired. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 10:21:15 +08:00
David Horstmann	91e20a0580	Refactor macro-spanning ifs in ecdh.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	fc735dffd6	Refactor macro-spanning ifs in ecp.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	8a7629fd0f	Refactor macro-spanning if in asn1write.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	2788f6b668	Refactor macro-spanning if in sha512.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	687262ca7d	Refactor macro-spanning if in sha256.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	21b89761f8	Refactor macro-spanning if in ssl_tls13_server.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	10be134d8e	Refactor macro-spanning if in ssl_msg.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	4a28563e84	Refactor macro-spanning ifs in ssl_client.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	e0af39a2ef	Refactor macro-spanning ifs in ssl_tls12_server.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:36 +01:00
Przemek Stekiel	86679c7bd8	psa_validate_tag_length(): use PSA_WANT_ALG_xxx instead MBEDTLS_PSA_BUILTIN_ALG_xxx guards Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-07 08:24:19 +02:00
Jerry Yu	4a698341c9	Re-org selected_identity parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	6183cc7470	Re-org binders writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	f75364bee1	Re-organize identities writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	8b41e893a2	fix various issues - Re-order code and comments - move comment above `write_identities` - move `write_binder` above `write_identities`. - Add has_{psk,identity} into {ticket,psk}_get_{psk,identity} - rename `_session_tickets_` to `_ticket_` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	19ae6f62c7	move ciphersuite validation to set_session Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	25ab654781	Add dummy ticket support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	b300e3c5be	add selected_identity parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	1a0a0f4416	Add binders writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	f7c125917c	Add identites writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	0c6105bc9e	empty pre_shared_key functions To easy review Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	8897c07075	Add server only guards for psk callback Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
David Horstmann	b21bbef061	Refactor macro-spanning if in ssl_tls12_client.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-06 18:00:51 +01:00
David Horstmann	3b2276a439	Refactor macro-spanning ifs in ssl_tls.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-06 17:59:57 +01:00
Przemek Stekiel	8a05a646f4	Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-06 17:01:58 +02:00
Przemek Stekiel	ff1efc9a84	psa_aead_check_nonce_length: Fix unused variable warining Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-06 16:53:47 +02:00
David Horstmann	0763ccf04f	Refactor ARIA_SELF_TEST_IF_FAIL macro Change the ARIA_SELF_TEST_IF_FAIL macro to be more code-style friendly. Currently it expands to the body of an if statement, which causes problems for automatic brace-addition for if statements. Convert the macro to a function-like macro that takes the condition as an argument and expands to a full if statement inside a do {} while (0) idiom. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-06 14:32:30 +01:00
Manuel Pégourié-Gonnard	0771d41584	Fix missing length check There was a check against the remaining size of the buffer, which used to be correct, but was broken two commits ago when we started not just copying the input but also adding to it. Replace it with a check that the input length is not greater that what's expected for this step. This guarantees we won't overflow the internal buffer. While at it, add an explicit cast to uint8_t when writing the length to the buffer, so silence an MSVC warning. This cast is safe because we checked that the length is no larger than 65 or 32 (depending on the step), so in any case is fits in one byte. This was found because some lengths had not been adjusted in the test suite, and instead of failing cleanly, library code performed buffer overflows. I'll fix the tests in the next commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-06 09:30:34 +02:00
Manuel Pégourié-Gonnard	79617d99ae	Fix namespacing issue This macro is specific to the Mbed TLS implementation and not part of the public API, so it shouldn't used the PSA_ namespace. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-05 12:55:50 +02:00
Manuel Pégourié-Gonnard	ec7012dbc7	Fix I/O format of PSA EC J-PAKE for compliance The format used by the mbedtls_ecjpake_xxx() APIs and that defined by the PSA Crypto PAKE extension are quite different; the former is tailored to the needs of TLS while the later is quite generic and plain. Previously we only addressed some part of this impedance mismatch: the different number of I/O rounds, but failed to address the part where the legacy API adds some extras (length bytes, ECParameters) that shouldn't be present in the PSA Crypto version. See comments in the code. Add some length testing as well; would have caught the issue. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-05 12:52:48 +02:00
David Horstmann	ed79483aca	Free structs in mbedtls_x509_get_name() on error mbedtls_x509_get_name() allocates a linked list of mbedtls_x509_name structs but does not free these when there is an error, leaving the caller to free them itself. Change this to cleanup these objects within the function in case of an error. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-05 11:51:16 +01:00
Gilles Peskine	01af3ddc82	Fixed confusion between number size and limb size; define limb Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-04 16:23:29 +02:00
Gilles Peskine	2926484de1	Describe generic conventions for the bignum core module This commit codifies some conventions that result from the original design goals and others that have emerged after starting the implementation. * Value ranges * Bignum parameter naming and ordering * Sizes * Aliasing and overlap * Error handling Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-04 14:51:21 +02:00
Gilles Peskine	7aab2fbe41	Add a short description of what each module does There was already a short introduction to _who_ should use each module, but not to _what_ each module does. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-04 14:50:17 +02:00
Gilles Peskine	7f887bdc05	Move license out of Doxygen comment Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-04 14:50:17 +02:00
Gabor Mezei	dba2677597	Update documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-03 17:01:02 +02:00
Gabor Mezei	86dfe384c2	Fix documentation tags to be lower case Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 14:03:04 +02:00
Gabor Mezei	e5b8585f1e	Follow parameter naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:54:02 +02:00
Gabor Mezei	1c628d5700	Follow parameter naming comvention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	3eff425b1a	Use only one limb parameter for assign Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	81e57021c6	Change the input parameters to be const Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	2b5bf4cec7	Fix doumentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	f4dd3b6a6d	Fix documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	cfc0eb8d22	Remove unused parameter Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	87638a9ead	Add missing include Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	63c3282ec4	Remove retrun code from mod_raw_cond_assign/swap Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	24d183aa00	Use the new swap and assign function in the old interface Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	9f6615f146	Remove argument checking from constant time functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	12071d4403	Add conditional assign and swap function for MPI modulus Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:33:35 +02:00
Gabor Mezei	e1d31c4aad	Add conditional swap and assign function for MPI core Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:33:30 +02:00
Gilles Peskine	845de0898e	Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication Montgomery multiplication from bignum prototype	2022-09-30 10:35:21 +02:00
Tom Cosgrove	6da3a3b15f	Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-29 17:20:18 +01:00
Victor Barpp Gomes	47c7a732d2	Print RFC 4108 hwSerialNum in hex format Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>	2022-09-29 11:34:23 -03:00
Tom Cosgrove	4386ead662	Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-29 14:40:21 +01:00
Przemek Stekiel	ce5b68c7a3	Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions" This reverts commit `a82290b727`. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-29 15:29:18 +02:00
Ronald Cron	77c691f099	Merge pull request #6194 from xkqian/tls13_add_psk_client_cases TLS 1.3: Add PSK client cases	2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard	e3358e14b2	Merge pull request #6051 from mprse/permissions_2b_v2 Permissions 2b: TLS 1.3 sigalg selection	2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard	f3f9e450b6	Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 Ad-hoc KDF for EC J-PAKE in TLS 1.2	2022-09-28 09:47:32 +02:00
Xiaokang Qian	ca343ae280	Improve message logs and test cases description in psk Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-28 02:07:54 +00:00
Przemek Stekiel	4c49927bad	Fix unused variables warnings in default + stream cipher only build Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Przemek Stekiel	a82290b727	Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD \|\| MBEDTLS_NIST_KW_C flags - make it consistent. As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available). Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD \|\| MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Przemek Stekiel	89ad62352d	Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq() Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Ronald Cron	c27a9074c4	tls13: server: Add comment when trying another sig alg Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-27 10:07:55 +02:00
Xiaokang Qian	cb6e96305f	Change kex mode string name Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-27 08:02:41 +00:00
Ronald Cron	b72dac4ed7	Fix PSA identifier of RSA_PKCS1V15 signing algorithms Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-27 09:25:47 +02:00
Andrzej Kurek	b510cd2c50	Fix a copy-paste error - wrong macro used Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-26 10:50:22 -04:00
Andrzej Kurek	5603efd525	Improve readability and formatting Also use a sizeof instead of a constant for zeroization, as requested in review. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-26 10:49:16 -04:00
Xiaokang Qian	5beec4b339	Refine ssl_get_kex_mode_str() for easy automatic generation Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-26 08:23:45 +00:00
Xiaokang Qian	ac8195f4f7	Fix wrongly kex mode fallback issue in psk cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-26 06:31:58 +00:00
Gilles Peskine	5596c74a98	Merge pull request #6140 from Zaya-dyno/validation_remove_change_auth_enc Validation remove change auth enc	2022-09-23 17:04:31 +02:00
Gilles Peskine	12a1e85caa	Merge pull request #6138 from Zaya-dyno/validation_remove_change_key_agree Validation remove change key agree	2022-09-23 17:04:20 +02:00
Gilles Peskine	87953f228f	Merge pull request #6091 from Zaya-dyno/validation_remove_change_pk Validation remove change pk	2022-09-23 17:03:30 +02:00

... 2 3 4 5 6 ...

9799 commits