Commit graph

7810 commits

Author SHA1 Message Date
Jerry Yu
61e35e0047 tls13: add generate handshake keys
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Mateusz Starzyk
594215be6e Add support for CCM*-no-tag to PSA.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 11:33:41 +02:00
Mateusz Starzyk
bb2ced33dd Ignore plaintext length for CCM*-no-tag.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 11:33:37 +02:00
Gabor Mezei
22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 12:15:20 +02:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
Gabor Mezei
116cd6a6b4
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:18:37 +02:00
Gabor Mezei
6a426c9f9f
Bind functions' availability for config options
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:17:43 +02:00
Gilles Peskine
9202ba37b1
Merge pull request #4960 from mpg/cleanup-tls-cipher-psa-3.x
Clean up some remnants of TLS pre-1.2 support
2021-10-19 21:59:15 +02:00
Gabor Mezei
765862c4f3
Move mbedtls_cf_memcmp to a new public header
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00
Gabor Mezei
291df7bbab
Add macro guard for header file
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 11:27:17 +02:00
Gabor Mezei
e212379810
Bind functions' availability for config options
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 19:38:02 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Gabor Mezei
949455892f
Remove unused function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 17:02:29 +02:00
Gabor Mezei
a2d0f90c5a
Make functions static
These functions are only used as an auxiliary function for constant-time functions.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:56:50 +02:00
Gabor Mezei
a316fc8eb0
Update documentation and comments
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
63bbba5c13
Rename and reorder function parameters
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
7013f62ee5
Use condition for not sensitive data
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
eab90bcc36
Move implementation specific comment
This comment is about how the functions are implemented, not about their
public interface, so it doesn't belong in the header file.
It applies to everything in constant_time.c so moved there.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
1e64261da5
Make mbedtls_cf_size_mask_lt function static
The mbedtls_cf_size_mask_lt is solely used as an auxiliary function
for mbedtls_cf_size_mask_ge.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
4cad4fc8a9 psa_crypto.c: use switch instead if-else in psa_aead_check_nonce_length and psa_aead_set_lengths (fixes #5065)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 14:04:36 +02:00
Ronald Cron
e3e16d5d67
Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes
TLS1.3:add read ptr and handshake kex modes
CI merge job: only "Session resume using tickets, DTLS: openssl client" failed in one component thus CI can be considered as passed.
2021-10-11 19:23:12 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
TLS 1.3: ServerHello: add  utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
Jerry Yu
e4eefc716a Improve document for chk_buf_read_ptr
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-09 10:40:40 +08:00
Gilles Peskine
f6892dec2a Readability improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 16:28:32 +02:00
Jerry Yu
fd320e9a6e Replace zeroize with memset
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 21:52:41 +08:00
Jerry Yu
88b756bacb move tls1_3 max md size
It should be internal definition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 18:41:38 +08:00
Jerry Yu
d1ab262844 define max md size for tls1_3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:19:24 +08:00
Jerry Yu
205fd82f7e fix check_name fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:16:24 +08:00
Jerry Yu
ae0b2e2a2f Rename counter_len
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
dca3d5ddf9 fix document issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:19:29 +08:00
Jerry Yu
0cabad375b fix doxygen parameter wrong
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
adf861aad4 Address kex_modes check function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
e15e665cfb fix comments and check return issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
1b7c4a464c tls13: add key exchange modes in handshake params
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
34da3727d6 Add check read ptr macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Paul Elliott
e193ea8cb9 Add Multipart AEAD CCM internal implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:06:03 +01:00
Przemyslaw Stekiel
c0fe820dc9 psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 11:08:56 +02:00
Gilles Peskine
b9b817e977 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Mateusz Starzyk
c48f43b44d Fix PSA AEAD GCM's update output buffer length verification.
Move GCM's update output buffer length verification
from PSA AEAD to the built-in implementation of the GCM.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:55 +02:00
Mateusz Starzyk
f28261fc14 Remove output buffer limitation for PSA with GCM.
The requirement of minimum 15 bytes for output buffer in
psa_aead_finish() and psa_aead_verify() does not apply
to the built-in implementation of the GCM.

Alternative implementations are expected to verify the
length of the provided output buffers and to return
the MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the
buffer length is too small.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:54 +02:00
Gilles Peskine
023aa11760
Merge pull request #4996 from mprse/mbedtls_cipher_setup_psa_ECB
Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:10 +02:00
openluopworld
eab65acca4 bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly.
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-10-01 17:57:11 +08:00
LuoPeng
eb009232c0 Update library/gcm.c
Co-authored-by: davidhorstmann-arm <70948878+davidhorstmann-arm@users.noreply.github.com>
Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-10-01 17:57:11 +08:00
XiaokangQian
05420b120b TLS1.3: Add useful comments based on RFC8446
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 06:15:18 +00:00
XiaokangQian
16c61aa738 TLS1.3: Alignment coding styles based on comments
Fix kinds of alignment issues in fetch handshake messages.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 02:14:23 +00:00
XiaokangQian
6b226b0874 Add fetch_hand_message in generic
This function is one common function in generic file, get it from
the encrypted extension and submit one patch independently.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 02:14:23 +00:00
Andrzej Kurek
a72fe641cc Do not zeroize the ssl context if a key exporting function is set
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 17:08:31 -04:00
Ronald Cron
cd51e76583
Merge pull request #4338 from paul-elliott-arm/psa-m-aead
Implement multipart PSA AEAD
2021-09-29 22:48:33 +02:00
Andrzej Kurek
324f72ec9c Fix a bug where the ssl context is used after it's nullified
When not using DEBUG_C, but using the DTLS CID feature -
a null pointer was accessed in ssl_tls.c.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:52 -04:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
Paul Elliott
60116aee9e Invert logic on nonce length tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-29 14:40:16 +01:00
Paul Elliott
355f59edbe Fix formatting issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-29 14:40:16 +01:00
Paul Elliott
e716e6c00b Switch cipher enabled macros
Switch from using MBEDTLS_PSA_BUILTIN_ macros over to using PSA_WANT_
macros, as code was moved from the internal drivers to the PSA Core.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-29 14:40:16 +01:00
Przemyslaw Stekiel
80c6a8e1a6 Add PSA support for MBEDTLS_CIPHER_AES_128_ECB
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-29 12:39:21 +02:00
Gilles Peskine
bfe3d87f24
Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info
Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
2021-09-29 12:37:09 +02:00
Jerry Yu
d96a5c2d86 Fix wrong usage of counter len macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-29 17:46:51 +08:00
gabor-mezei-arm
5b3a32d883
Fix missing includes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-29 10:53:55 +02:00
Manuel Pégourié-Gonnard
1869377146
Merge pull request #4942 from yuhaoth/pr/add-tls13-client-dummy-state-handlers
add tls13 client dummy state handlers and improve dispatch test
2021-09-29 10:45:16 +02:00
Paul Elliott
baff51c8b7 Make sure nonce length checks use base algorithm
Nonce length checks are now being used in the oneshot AEAD code as well,
which passes variant algorithms, not the base version, so need to
convert to base if necessary.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 17:47:24 +01:00
gabor-mezei-arm
90d96cc741 Add documentation for the functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 17:07:51 +02:00
gabor-mezei-arm
b11a56e34c
Unify equality checker functions return value
The equality checker functions always return 0 or 1 value,
thus the type of return value can be the same dispite of the
size of the parameters.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
gabor-mezei-arm
9cb55698aa
Propagate usage of mask generation functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
gabor-mezei-arm
396438c57b
Unify mask generation functions
Generate all-bits 0 or all bits 1 mask from a value instead of from a bit.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
gabor-mezei-arm
87ac5bef97 Unify function parameters
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:16 +02:00
gabor-mezei-arm
4602564d7a
Unify memcmp functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:47 +02:00
gabor-mezei-arm
2dcd7686ce Typo: Unify indentation of function parameters
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:44 +02:00
gabor-mezei-arm
fdb71183f8
Move mbedtls_cf_rsaes_pkcs1_v15_unpadding function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:45 +02:00
gabor-mezei-arm
bef600f27e
Move the constant-time part of mbedtls_rsa_rsaes_pkcs1_v15_decrypt to a function
Tne unpadding part of `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` function is
contant-time therefore it moved to a separate function to be prepared
for moving to the contant-time module.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
65cefdbfcb
Create mbedtls_cf_size_if function
Add a constant-time function with size_t parameter for choosing
between two integer values, like the ?: ternary operator.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
c29a3da599
Move mbedtls_mpi_lt_mpi_ct function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
5c97621215
Move mbedtls_mpi_safe_cond_swap function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
40a4925128
Move mbedtls_mpi_safe_cond_assign function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
9c1203fd67
Delete ssl_invasive.h due to duplicated function declarations
All function declaration provided by ssl_invasive.h is needed only for
testing purposes and all of them are provided by constant_time.h as well.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
1349ffde84
Move mbedtls_cf_hmac function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
0e7f71e1a9
Move mbedtls_cf_memcpy_offset function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
dee0fd33f1
Move mbedtls_cf_memcpy_if_eq function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:43 +02:00
gabor-mezei-arm
394aeaaefb Move mbedtls_cf_mem_move_to_left function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:41 +02:00
gabor-mezei-arm
be8d98b0be Move mbedtls_cf_mpi_uint_cond_assign function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:23:57 +02:00
gabor-mezei-arm
d3230d533c
Move mbedtls_cf_cond_select_sign function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
b2dbf2c113
Move mbedtls_cf_uint_if function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
3f90fd540a
Move mbedtls_cf_mpi_uint_lt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
84dc02c8f5
Remove module dependency
Elinimate macros defined by modules locally in the functions that are
moving to the new constant-time module.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
5a85442604
Move mbedtls_cf_size_gt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:09 +02:00
gabor-mezei-arm
8d1d5fd204 Move mbedtls_cf_size_bool_eq function to the constant-time module
There were multiple functions called mbedtls_cf_size_bool_eq. They had exactly
the same behavior, so move the one in bignum.c and remove the other.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:20:07 +02:00
gabor-mezei-arm
16fc57bcc4
Move mbedtls_cf_size_mask_ge function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
c76227d808
Move mbedtls_cf_size_mask_lt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
3733bf805a
Move mbedtls_cf_size_mask function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
340948e4a5
Move mbedtls_cf_uint_mask function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
db9a38c672
Move contatnt-time memcmp functions to the contant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
9fa43ce238
Rename function to have suitable name
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:14:47 +02:00
Paul Elliott
814f0c5fb1 Remove check for lack of supported ciphers
Add comment explaining (currently) empty function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 14:42:36 +01:00
Paul Elliott
946c920475 Add safety for nonce length to internal driver
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 14:42:36 +01:00
Jerry Yu
d9a94fe3d0 Add counter length macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 20:10:26 +08:00
Jerry Yu
6ca7c7fd6b Remove useless variables
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 18:51:40 +08:00
Paul Elliott
bb0f9e1740 Move all nonce length checks to PSA Core
Remove duplicated code from oneshot API

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 11:16:27 +01:00
Paul Elliott
dff6c5d963 Restore internal driver for aead_set_lengths
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 11:16:27 +01:00
Jerry Yu
ad8d0bad10 Keep consistency order.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 17:58:26 +08:00
Jerry Yu
d52398d31f fix double underscore fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 16:13:44 +08:00
Paul Elliott
4ed1ed18d2 Move nonce size checking to PSA Core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 18:24:11 +01:00
Paul Elliott
325d374e3d Move set lengths checking to PSA Core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 18:24:11 +01:00
Paul Elliott
c78833abc7 Add reminder of assumption to documentation
Key size is not verified by this function, but by the level above it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 16:00:40 +01:00
Gilles Peskine
7820a574f1 Catch failures of AES or DES operations
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 16:22:08 +02:00
Jerry Yu
148165cc6f Remove psa version of get_handshake_transcript
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
957f0fa1f7 Add length macro for in_ctr
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
e06f4532ef remove useless code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
4836952f9d fix tls1_3 prefix issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
92c1ca221f fix likely typos error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
b65eb2f3cf Revert "tls13: add generate handshake keys"
This reverts commit f02ca4158674b974ae103849c43e0c92efc40e8c.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
5243142476 Add macro for length of input counter
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
e3131ef7f3 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
a63de352dc Revert "tls13: add ecdh_read_public"
This reverts commit 6a9d2ee4df88028e352e50d4f48687ce5b0f26ac.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
000f976070 Rename get_handshake_transcript
- Remove tls13 prefix
- Remove TLS1_3 macro wrap

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
c7875b5f11 add set in/out transform utils
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
d3f73349a7 tls13: add ecdh_read_public
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
7bea4bac96 tls13: add checksum of handshake message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
4925ef5da1 tls13: add generate handshake keys
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
89ea321d96 tls13: add key_schedule_stage_early_data
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
24c0ec31f9 tls13: add get_handshake_transcript
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
3bf1f97a0e fix various issue on pending send alert
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
bbd5a3fded fix pending_alert issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
394ece6cdd Add function for set pending alert flag
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
e7047819ee add pend fatal alert
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
e86cd65754 fix unused-variable fail without MBEDTLS_DEBUG_C
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
860b4ee42e Rename *_read_* to *_process_*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
6e81b27003 Add client state number check
It is temporary check. If any change on `mbedtls_ssl_states`, please
double check those tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
435756ffc0 Keep consistent order in dummy functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
6c983524a8 Move msvc compatible fix to common.h
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
687101b2e6 tls13: add dummy state machine handler
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Gilles Peskine
aafb21f320
Merge pull request #4968 from davidhorstmann-arm/fix-aarch64-asm-constraints
Fix aarch64 assembly for bignum multiplication
2021-09-27 09:01:15 +02:00
Paul Elliott
71b0567c87 Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-24 11:18:13 +01:00
Ronald Cron
f2cb19f921
Merge pull request #4891 from yuhaoth/pr/enable-key-exchange-in-client-hello
TLS1.3: Client Hello : Add  extensions and test case.
2021-09-23 18:45:01 +02:00
Paul Elliott
90fdc117dd Make NULL tag check more explicit
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
70618b22a9 Change sizeof to variable rather than struct
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
David Horstmann
11c81df707 Fix aarch64 assembly for bignum multiplication
Add memory constraints to the aarch64 inline assembly in MULADDC_STOP.
This fixes an issue where Clang 12 and 13 were generating
non-functional code on aarch64 platforms. See #4962, #4943
for further details.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-09-22 18:31:35 +01:00
LuoPeng
e3f23091d2
Merge branch 'ARMmbed:development' into development 2021-09-22 23:36:15 +08:00
Manuel Pégourié-Gonnard
a0b4b0c3cd Clean up some remnants of TLS pre-1.2 support
Now that support for earlier version have been removed, we no longer
need to care about them.

Since TLS 1.3 is being gradually introduced, we might still need a
version check in some places - but here the function is called
ssl_tls12_populate_tranform() and TLS 1.3 has its own function
mbedtls_ssl_tls13_populate_transform(), so when this function is called
we just know we're using TLS 1.2.

Reviewer hint: use the -b option of git diff / git show

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-21 14:12:59 +02:00
Gilles Peskine
f0f2294f57
Merge pull request #4708 from mstarzyk-mobica/ccm_chunked
Ccm chunked - enable multipart CCM in PSA
2021-09-21 13:46:52 +02:00
Gilles Peskine
6c12a1e9f2 Add ARIA to the PSA API
Use the encoding from an upcoming version of the specification.

Add as much (or as little) testing as is currently present for Camellia.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-21 11:59:39 +02:00
Gilles Peskine
304689e4c4
Merge pull request #4947 from gilles-peskine-arm/muladdc-amd64-memory-development
Fix x86_64 assembly for bignum multiplication
2021-09-20 22:23:49 +02:00
Gilles Peskine
93cb6111ba
Merge pull request #4878 from SiliconLabs/remove_dependency_4877
Remove dependency of built-in keys on storage
2021-09-20 22:20:16 +02:00
Paul Elliott
ec95cc9489 Add safety for NULL tag being passed to finish
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 22:39:06 +01:00
Paul Elliott
8ff74217e4 Add comment explaining finish output size
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
4c916e8d74 Improve comment on buffer clearing
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
69bf5fc901 Const correctness
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
70f447dfe5 Replace individual zeroization with memset
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
eac6c757a2 Make nonce length check return error where it can
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
12acb6bb4c Remove missed references to aead_verify from docs
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
b183d56b5f Use safer size for tag checking
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
06b6b8c8d6 Add missing zeroize for sensitive tag data.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
openluopworld
08fd463ee4 bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-09-19 11:20:03 +08:00
openluopworld
6c8183f0c9 bugfix: if the len of iv is not 96-bit, ghash is used to compute y0.
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-09-17 22:20:07 +08:00
openluopworld
2beb5f302a bugfix: if the len of iv is not 96-bit, ghash is used to compute y0.
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-09-17 18:20:37 +08:00
Jerry Yu
388bd0d53c fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-15 22:06:11 +08:00
Gilles Peskine
d337fbc4cb x86_64 MULADDC assembly: add missing constraints about memory
MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is
repeated up to 16 times, and %%rsi and %%rdi are s and d on entry
respectively. Hence the complete asm statement reads 16 64-bit words
from memory starting at s, and writes 16 64-bit words starting at d.

Without any declaration of modified memory, Clang 12 and Clang 13 generated
non-working code for mbedtls_mpi_mod_exp. The constraints make the unit
tests pass with Clang 12.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-15 15:51:43 +02:00
Jerry Yu
dd1fb9e37e add mbedtls_ecdh_setup_no_everest
Setup ecdh without everest for TLS1.3

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-15 11:10:15 +08:00
Jerry Yu
bdc71888fc Remove restartable and everest from tls1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-14 19:33:31 +08:00
Janos Follath
cacec723c8
Merge pull request #4938 from gilles-peskine-arm/psa_cipher_update_ecp-unused_parameter
Fix parameter set but unused on psa_cipher_update_ecb
2021-09-13 13:55:38 +01:00
Gilles Peskine
d87d87371f Fix the size in bytes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 12:21:22 +02:00
Gilles Peskine
1716f32864 psa_cipher_update_ecb: remove parameter output_size
This parameter was set but not used, which was pointless. Clang 14 detects
this and legitimately complains.

Remove the parameter. This is an internal function, only called once. The
caller already has a sufficient check on the output buffer size which
applies in more cases, so there is no real gain in robustness in adding the
same check inside the internal function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 09:46:41 +02:00
Gilles Peskine
55dffe58a0 Document the internal function psa_cipher_update_ecb
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 09:33:28 +02:00
Jerry Yu
335aca9c52 fix format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-12 20:18:56 +08:00
Jerry Yu
72fc69bd40 fix typo error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-10 10:23:37 +08:00
Archana
9d17bf4215
Styling and refactoring
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-10 07:16:08 +05:30
Archana
374fe5b8d2
Handle zeroed attributes key bits and type in copy
The target attributes for key copy could have key bits and
type zeroed. If so, they need to be overwritten/ inherited
from the source key.
This is now forcefully overwritten after validating the
optional attributes. As a result assigning attributes type
and bits after copy are no longer necessary.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 10:09:19 +05:30
Archana
449608bc61
Code style improvements
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:13 +05:30
Archana
8a180368fb
Add opaque test driver support for copy key
A minimal test driver extension is added to support
copy of opaque keys within the same location.
Test vector support is extended to cover opaque keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:07 +05:30
Archana
6ed4bda2c6
pre-existing validation extended
The validation against key width and max key bits is extended to
all key types from the existing validation for only symmetric keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:00 +05:30
Archana
4d7ae1d8cf
Add test driver support for opaque key import
-Add test driver support to import/export while wrapping keys
 meant to be stored in the PSA core as opaque( emulating an
 SE without storage ).
-Export validate_unstructured_key_bit_size as
 psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
 cover opaque keys, thereby avoiding duplication.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:54 +05:30
Archana
d8a83dc172
Sizing of key buffer for opaque keys
Create a new sizing function for determining the size required for key
storage based on the input key data.
This is required for key imports where the key length might need to be
derived from the data.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:48 +05:30
Ronald Cron
3b097eb68f
psa: Remove psa_key_slot_is_external()
Remove psa_key_slot_is_external() that is not used anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:41 +05:30
Ronald Cron
9b8b69c30a
psa: Remove buggy report of RSA public exponent for opaque keys
The report of RSA public exponent for opaque keys is not
supported. Do not attempt to compute the RSA public
exponent of an RSA opaque key associated to a driver
implementing the new driver interface when
MBEDTLS_PSA_CRYPTO_SE_C is disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:32 +05:30
Ronald Cron
512ad81318
psa: Fix slot number key attribute
Slot number key attribute is specific of dynamically
registered drivers and should thus not be computed/
returned in case of keys associated to drivers
implementing the new unified driver interface.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:26 +05:30
Ronald Cron
ddae0f5642
Clarify psa_get_and_lock_transparent_key_slot_with_policy() purpose
Clarify the purpose of
psa_get_and_lock_transparent_key_slot_with_policy() and
define it even when MBEDTLS_PSA_CRYPTO_SE_C is disabled
for the purpose of static drivers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:20 +05:30
Jerry Yu
7c522d4941 Remove ecp_c undefine routines
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 17:55:09 +08:00
Jerry Yu
b60e3cf424 fix various issues
- format problems
- name conversion issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 16:41:02 +08:00
Jerry Yu
56fc07f7ae add key_share extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 10:37:20 +08:00
Jerry Yu
7236994aa9 add signature algorithms extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
6b64fe31ce add supported groups extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
e226cef124 Add NamedGroup IANA values and helper functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
26f4d15d13 Add key exchange modes helper functions
Add helper functions for `tls13_kex_modes`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
7533635e5a Change dummy extension return
With error return, server can not receive
Client Hello message.

If received , we can test current status.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
fec982eacc fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-07 17:26:06 +08:00
Jerry Yu
4e388286af fix usage of iteration
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-06 21:28:08 +08:00
Jerry Yu
bbe09526b7 fix name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-06 21:17:54 +08:00
Mateusz Starzyk
5d7f6b1fd5 Remove rendundat ctx->add_len check.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:09:34 +02:00
Jerry Yu
dbfb7bd873 fix various issues
- wrong cipher suite filter condition
- name conversion
- format issue

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-04 10:00:02 +08:00
Jerry Yu
8c02bb4b71 fix various comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 21:52:26 +08:00
Jerry Yu
ef387d79a4 change prototype of write body
To keep consistence with others

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
2c0fbf3405 modify proc_chk macros
- change the parameter
- remove debug output
- remove return value modify

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
0c63af6ed6 fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
790656a0a6 fix name conversion issues
fix name conversion issues in `ssl_tls13_write_client_hello_body`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
1bc2c1f1a3 fix various issues
fix comments, format and name conversion issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
f171e836eb fix lenght mismatch error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
b7ab336b3a fix format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
a2cf7bd243 fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
6a64310002 Cleanup client_hello body.
cleanup `ssl_tls13_write_client_hello_body`, fix comments issues.
And move ciphersuites to separate function

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
67d4ed5b22 force change state type
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
159c5a0e12 fix comments issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
08906d006b fix name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
e41dec0158 Rename write signature algorithms function
To keep similar name with other place.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
eecfbf001c fix format issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
995ecd396f fix wrong iana values and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
c4d22444d6 fix undeclared variable error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

# Conflicts:
#	library/ssl_tls13_client.c
2021-09-03 16:29:20 +08:00
Jerry Yu
5cc8f0a0d8 Add simple document for tls13 functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
275619336a fix name conversion issue for tls13 server entry
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
92c6b402d7 Remove prototype of static functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
9176c3ad8c trim spaces
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
9e42f6efd3 Revert "Move random function check"
This reverts commit cc88b34f7942f57ea0fd27ee4b3e29f49c91f10e.

It causes many test fail. It should be re-considered.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
d532fe7720 write client hello also in hello reqeust
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
f443681f56 fix function name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
55b9038600 fix coding style issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
2ac64193ad Apply MBEDTLS_PUT_xyz
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
e885b76980 fix too long lines
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
6f13f64aa6 fix various format issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
708202b7d0 Move random function check
move to `ssl_conf_check`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
c7ddeec229 Remove len_without_binders
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
8e7ca0432e fix extensions_present issues
fix comments for the mask values. follow same order
as IANA values.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
32cd5b19dc fix unused variable warning
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
ef6b36b484 add supported versions extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
bc20bdd3a9 Implement write_partial with dummy exts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
93bcd61a41 Add field into handshake params
Add `extensions_present` field. It represents
which are present.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
c8a392c47e Implement stages except write_partial
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
65dd2ccfe6 Add dummy stages for client_hello_process
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
a13c7e739c add dummy client hello process
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
beb3f41f2f Add handshake_set_state helper function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Mateusz Starzyk
64f0b5f454 Return BAD_INPUT error for CCM context's erroneous state
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-02 11:50:54 +02:00
Gilles Peskine
88d681ca35 Make size_t -> int downcasts explicit
mbedtls_cipher_setkey takes an int argument. Cast explicitly, otherwise MSVC
complains.

Where possible, just stick to size_t.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 16:57:23 +02:00
Gilles Peskine
6f015a8798
Merge pull request #2327 from kennethsoerensen/pkparse-warning
Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined
2021-09-01 16:53:45 +02:00
Paul Elliott
3d7d52c2ed Formatting fixes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-01 15:09:15 +01:00
Mateusz Starzyk
7251eda6ff Replace BAD_SEQUENCE error with BAD_INPUT
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-01 13:26:44 +02:00
Manuel Pégourié-Gonnard
5a8abb144c
Merge pull request #4883 from mstarzyk-mobica/fix_psa_sign_msg
PSA MAC computation with _HASH flag implies _MESSAGE.
2021-09-01 12:23:20 +02:00
Gilles Peskine
ce9e3a92fe Remove redundant null check
mbedtls_cipher_info_get_xxx has well-defined behavior on NULL, so no need to
check first.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00
Gilles Peskine
e720dbe177 Use cipher_info accessor functions in TLS code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00
Kenneth Soerensen
e28d49b3b6 Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined
Warning reported with IAR compiler:
"mbedtls\library\pkparse.c",1167  Warning[Pe550]: variable "ret" was set but never used

Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2021-08-31 13:05:12 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Paul Elliott
5e69aa5709 Remove NULL check for set nonce
Also remove tests which would pass NULL to this function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
2e450093e1 Remove variables declared as unused
They are now always being used.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
efda3408ce Fix formatting issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
3242f6c8ef Fix formatting issue
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
b8db2c5726 Remove extra blank lines
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
daf5c8954c Remove extraneous state checks
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
d9343f2f0f Refactor is_encrypt into aead setup arguments
Avoid touching the operation until later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Jerry Yu
d85a52c508 Add mask for kex_modes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:57 +08:00
Jerry Yu
69e0ec46b7 Replace SHA512_C with SHA384_C
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:48 +08:00
Jerry Yu
cadebe5343 fix several format and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:42 +08:00
Mateusz Starzyk
cbefb6ba4d Merge branch 'development' into ccm_chunked
Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
2021-08-24 15:14:23 +02:00