Commit graph

7385 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
5a8abb144c
Merge pull request #4883 from mstarzyk-mobica/fix_psa_sign_msg
PSA MAC computation with _HASH flag implies _MESSAGE.
2021-09-01 12:23:20 +02:00
Kenneth Soerensen
e28d49b3b6 Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined
Warning reported with IAR compiler:
"mbedtls\library\pkparse.c",1167  Warning[Pe550]: variable "ret" was set but never used

Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2021-08-31 13:05:12 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Jerry Yu
d85a52c508 Add mask for kex_modes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:57 +08:00
Jerry Yu
69e0ec46b7 Replace SHA512_C with SHA384_C
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:48 +08:00
Jerry Yu
cadebe5343 fix several format and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:42 +08:00
Mateusz Starzyk
cbefb6ba4d Merge branch 'development' into ccm_chunked
Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
2021-08-24 15:14:23 +02:00
Joe Subbiani
a5cb0d24d4 Tidy up grouped MBEDTLS_BYTE_x macros
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-23 11:52:28 +01:00
Joe Subbiani
94180e708f Minor coding style improvement
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 16:20:44 +01:00
Joe Subbiani
e4603eece9 Compress byte reading macros in if statements
exchange MBEDTLS_BYTE_x in if statements with MBEDTLS_GET_UINT16_BE

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 13:05:30 +01:00
Joe Subbiani
1f6c3aeb63 Tidy up ssl_*.c grouped MBEDTLS_BYTE_x macros
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 12:19:57 +01:00
Mateusz Starzyk
ce0e6a9dea Require MESSAGE flag in PSA MAC setup.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-20 11:33:51 +02:00
Joe Subbiani
9ab1866b0d Remove trailing whitespace
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:42 +01:00
Joe Subbiani
d0687856af Improve documentation and add more uses of MBEDTLS_PUT
minor changes, such as improving the documentation for the byte reading
macros, and using MBEDTLS_PUT_UINT16_xy in place of byte reading
macro combinations

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:42 +01:00
Joe Subbiani
5241e343de Improve consitency throughout library/common.h
Replace the contents of MBEDTLS_PUT_UINTx_yz contained inconsitent
but similar/duplicate code to the MBEDTLS_BYTE_x macros. Therefore
the contents of the macros now utilise the byte reading macros.

MBEDTLS_PUT_UINT64_LE's written order was also not consitent with
the other PUT macros, so that was modified.

Documentation comment said LSB instead of MSB and that has also been
resolved.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:42 +01:00
Joe Subbiani
6dd7364553 Replace instances of byte reading macros with PUT
Instances of a group of byte reading macros which are equivilant to
MBEDTLS_PUT_UINTx_yz

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:41 +01:00
Joe Subbiani
51b147add0 Remove trailing white space
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:48 +01:00
Joe Subbiani
4919bb46b0 Remove use of byte reading macro for uint16
Accidently used MBEDTLS_BYTE_16 for a uint16 variable

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
b6511b04fa Replace instances of byte reading macros with PUT
Instances of a group of byte reading macros which are equivilant to
MBEDTLS_PUT_UINTx_yz

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
fbeb692dd0 Use byte reading macros in places not using a byte mask
byte shifting opertations throughout library/ were only replaced with
the byte reading macros when an 0xff mask was being used.
The byte reading macros are now more widley used, however they have not
been used in all cases of a byte shift operation, as it detracted from
the immediate readability or otherwise did not seem appropriate.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
99edd6c810 Add UINT64 GET and PUT macros
Copy over the GET/PUT_UINT64_LE/BE macros from aes.c and sha512.c
Add the MBEDTLS_ prefix to all 4 macros.
Modify the GET_UINT64 macros to no longer take a target variable
as a parameter, so when the macro function is called it must be
assigned to a variable in the same statement.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
2194dc477a Replace MBEDTLS_CHAR_x with MBEDTLS_BYTE_x
The CHAR macros casted to an unsigned char which in this project
is garunteed to be 8 bits - the same as uint8_t (which BYTE casts
to) therefore, instances of CHAR have been swapped with BYTE and
the number of macros have been cut down

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
bf7ea84f83 Replace "four bytes" with "two bytes" in macro documentation
When writing the documentation 4 bytes was written instead of 2 for
MBEDTLS_UINT16_LE

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:42 +01:00
Joe Subbiani
f5462d989c Remove trailing whitespaces
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:42 +01:00
Joe Subbiani
54550f7fca Replace 3 byte shift with appropriate macro
aria.c has a shift by 3 bytes, but does not use the 0xff masking.
aparently this is not a problem and it is tidier to use the maco.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:42 +01:00
Joe Subbiani
635231a71e Improve common.h macro documentation
Imrpoved the descriptions of the macros and parameters and
changing the name of the MBEDTLS_PUT_UINT... macro parameters
to be more descriptive

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:42 +01:00
Joe Subbiani
cd84d76e9b Add Character byte reading macros
These cast to an unsigned char rather than a uint8_t
like with MBEDTLS_BYTE_x
These save alot of space and will improve maintence by
replacing the appropriate code with MBEDTLS_CHAR_x

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:41 +01:00
Joe Subbiani
6a50631497 GET macros use a target variable
The GET macros used to write to a macro parameter, but now
they can be used to assign a value to the desired variable
rather than pass it in as an argument and have it modified
in the macro function.

Due to this MBEDTLS_BYTES_TO_U32_LE is the same as
MBEDTLS_GET_UINT32_LE and was there for replaced in the
appropriate files and removed from common.h

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:55 +01:00
Joe Subbiani
394bdd662b Document common.h and remove changelog
Added documenttion comments to common.h and removed the changelog
as it is not really necessary for refactoring.

Also modified a comment in aria.c to be clearer

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:55 +01:00
Joe Subbiani
9fa9ac3612 Move GET/PUT_UINT16_LE macros to common.h
Although these only appear in one file: psa_crypto_storage.c
it is tidy to give it the same prefix as the UINT32 macros
and to store them in the fame file

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:55 +01:00
Joe Subbiani
5ecac217f0 Prefixed macros with MBEDTLS
As per tests/scripts/check-names.sh, macros in
library/ header files should be prefixed with
MBEDTLS_
The macro functions in common.h where also indented
to comply with the same test

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
9aaec54e57 Undo use of BYTE_x macro
The use of the BYTE_x macro in nist_kw did not seem appropriate
in hind sight as it is working with a character array not an int

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
6f2bb0c8ef Remove trailing whitespace
Trailing white spaces causing check_files.py to fail

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
c4f3d5b38e Add do-while protection to macros
missed do-while around function-like macros (UINT32_BE and
UINT_LE macros) originally present in the indivdual files,
before being moved to common.h.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Joe Subbiani
54c6134ff7 Move UINT32_LE macros to common.h
32-bit integer manipulation macros (little edian):
GET_UINT32_LE and PUT_UINT32_LE appear in several
files in library/.
Removes duplicate code and save vertical
space the macro has been moved to common.h.
Improves maintainability.

Also provided brief comment in common.h for
BYTES_TO_U32_LE. comment/documentation will
probably need to be edited further for all
recent additions to library/common.h

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Joe Subbiani
30d974c232 Move UINT32_BE macros to common.h
32-bit integer manipulation macros (big edian):
GET_UINT32_BE and PUT_UINT32_BE appear in several
files in library/.
Removes duplicate code and save vertical
space the macro has been moved to common.h.
Improves maintainability.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Joe Subbiani
3b394509da Move BYTES_TO_U32_LE to common.h
The macro BYTES_TO_U32_LE appears in poly1305.c and
chacha20.c.
Removes duplicate code and save vertical
space the macro has been moved to common.h.
Improves maintainability.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Joe Subbiani
50dde56543 Implement byte reading macros into library/
To improve readability by saving horizontal and vertical space.
Removed unecessary & 0xFF.
Byte reading macros implemented in library/common.h, All files
containing "& 0xff" were modified.
Comments/Documentation not yet added to the macro definitions.

Fixes #4274

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Manuel Pégourié-Gonnard
01a78599b0
Merge pull request #4864 from hanno-arm/upstream_sig_alg_identifers
TLS 1.3 MVP: Upstream TLS 1.3 SignatureAlgorithm identifiers and configuration API
2021-08-19 09:12:59 +02:00
Jerry Yu
7899de839c fix comments and format issues
Change-Id: I927d97f9d788389d6abb9edbda0f7c3e2f8e9b63
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-17 13:26:59 +08:00
Jerry Yu
f7fce9200c Remove rsa_pss_rsae_sha256 from preset_sig_algs.
To keep consistent with ssl_{clien2t,server2}.

Change-Id: I08dbe47a3d9b778ba3acad283f608fef4e63c626
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-17 13:26:53 +08:00
Archana
0dc86b5a2a
Remove dependency of builtin keys on storage
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-08-17 02:46:00 +05:30
Manuel Pégourié-Gonnard
5e344563e4
Merge pull request #4858 from hanno-arm/upstream_tls13_transforms
Upstream TLS 1.3 record transformations structure fields
2021-08-12 12:29:54 +02:00
Manuel Pégourié-Gonnard
2fb897ecf9
Merge pull request #4852 from hanno-arm/unify_cli_srv_hs_step
Share preparatory code between client and server handshake steps
2021-08-12 12:24:51 +02:00
Manuel Pégourié-Gonnard
b7745d2323
Merge pull request #4834 from hanno-arm/msg_layer_reset_helper
Move messaging related session reset into separate helper function
2021-08-12 12:20:33 +02:00
Manuel Pégourié-Gonnard
409c8f6e1b
Merge pull request #4851 from hanno-arm/hs_msg_without_checksum
Add handshake message writing variant that doesn't update checksum
2021-08-12 11:54:10 +02:00
Hanno Becker
30319f1f88 Remove misplaced comment in TLS 1.3 ciphersuite definitions
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
71f1ed66c2 Add identifiers and API for configuration of TLS 1.3 key exchanges
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Hanno Becker
e2defad0bb Fix indentation of pre-existing code-block in ssl_tls.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Hanno Becker
8ca26923eb Add TLS 1.3 ciphersuites
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Hanno Becker
e043d15d75 Turn comments of 1.3 record transforms into Doxygen documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:22:52 +01:00
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform
Fix and test compliance of TLS 1.3 record protection
2021-08-11 16:41:51 +01:00
Hanno Becker
deb68ce2d1 Fix guard around TLS 1.3 SigAlg configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 16:04:05 +01:00
Hanno Becker
9c6aa7bb9a Add default values for TLS 1.3 SigAlg configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 13:55:49 +01:00
Hanno Becker
1cd6e0021f Add experimental API for configuration of TLS 1.3 sig algs
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 13:55:43 +01:00
Mateusz Starzyk
2f1754916c Improve comment on local_output.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
b73c3ec1bc Restore MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED as default ret.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
62d22f9782 Use additional state in CCM to track auth data input.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
4f2dd8aada Fix errors returned by CCM functions.
Add new error code for calling functions in wrong order.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
f337850738 Use const size buffer for local output in CCM decryption.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:59:36 +02:00
Mateusz Starzyk
c562788068 Fix local buffer allocation conditions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
c8bdf36a72 Validate tag pointer in ccm function.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
1bda9451ef Factor out common code from ccm decrypt functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
eb395c00c9 Move 'Authenticated decryption' comment.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
22f7a35ca4 Do not use output buffer for internal XOR during decryption.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
36d3b89c84 Verify input data lengths.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
2d5652acee Move ccm error state handling.
Remove error clearing from ccm_starts() and ccm_set_lengths().
Add error check in ccm_update_ad(), ccm_update() and ccm_finish().

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
5d97601e81 Remove ccm input validation.
VALIDATE and VALIDATE_RET macros are obsolete.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
ca9dc8d1d7 Rename ccm_calculate_first_block function.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
c52220d775 Clear temporary buffer after block crypt operation.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
a9cbdfbb34 Replace ccm status flags with bitshifts.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
663055f784 Remove UPDATE_CBC macro and working b buffer.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
20bac2fbe4 Fix chunked ccm update.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
05e92d67bb Fix crypt mode configuration. Validate parameters in chunked input functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
6a15bcf61b Add support for chunked plaintext/cyphertext input.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
2ad7d8e1ff Replace CCM_CRYPT macro with a more versatile static function.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
33392450b7 Add chunked auth data support
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
eb2ca96d69 Store set lenghts in ccm context.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
88c4d624f8 Clear context state if previous operation failed.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
793692cbcb Split ccm_auth function.
Move logic to ccm_starts, ccm_set_lengths, ccm_update_ad,
ccm_update and ccm_finish
Use separate variable to track context state.
Encode first block only if both mbedtls_ccm_starts() and
mbedtls_ccm_set_lengths() were called.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
89d469cdb4 Move working variables to ccm context structure
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Hanno Becker
3aa186f946 Add transforms to be used for TLS 1.3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 09:24:19 +01:00
Jerry Yu
b9930e7d70 Add dummy tls1.3 handshake dispatch functions
Base on version config, `handshack_{clinet,server}_step`
will call different step function. TLS1.3 features will
be gradully added base on it.

And a new test cases is added to make sure it reports
`feature is not available`.

Change-Id: I4f0e36cb610f5aa59f97910fb8204bfbf2825949
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Jerry Yu
3cc4c2a506 Add dummy ssl_tls13_{client,server}.c
Change-Id: Ic1cd1d55b097f5a31c9f48e9d55733d75ab49982
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Jerry Yu
60835a88c3 Add config check utils functions
Check configuration parameter in structure setup
function to make sure the config data is available
and valid.

Current implementation checks the version config.
Available version configs are
- tls1_3 only
- tls1_2 only

issues: #4844

Change-Id: Ia762bd3d817440ae130b45f19b80a2868afae924
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Hanno Becker
41934dd20a Share preparatory code between client and server handshake steps
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-07 19:13:43 +01:00
Hanno Becker
f3cce8b0e1 Add handshake message writing variant that doesn't update checksum
The helper `mbedtls_ssl_write_handshake_msg` writes a handshake message
and updates the handshake transcript.

With TLS 1.3, we need finer control over the checksum: updating
at message granularity is not sufficient. To allow for manual maintenance
of the checksum in those cases, refine `mbedtls_ssl_write_handshake_msg()`
into `mbedtls_ssl_write_handshake_msg_ext()` which takes a parameter
determining whether the checksum should be updated.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-07 14:29:49 +01:00
Hanno Becker
b0302c4c7b Move messaging related session reset into separate helper function
- Improves readability
- Will be useful when we introduce MPS as an alternative msg layer.
- Will be useful when we need to reset the messaging layer upon
  receipt of a HelloRetryRequest in TLS 1.3.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-03 09:41:34 +01:00
Gilles Peskine
8bb9b80d18
Merge pull request #4806 from hanno-arm/ssl_session_serialization_version
Store TLS version in SSL session structure
2021-08-02 12:45:55 +02:00
Hanno Becker
fa0d61e559 Fix typo
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 08:56:14 +01:00
Hanno Becker
dfba065d80 Adjust ssl_tls13_keys.c to consolidated CID/1.3 padding granularity
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
c0da10dc3a Remove TLS 1.3 specific code from TLS <= 1.2 transform generator
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
f62a730e80 Add missing semicolon in TLS 1.3 transform generation code
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
edd5bf0a95 Fix and document minimum length of record ciphertext in TLS 1.3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
7887a77c25 Match parameter check in TLS 1.3 populate transform to 1.2 version
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
79e2d1b6f6 Fix AEAD additional data computation for TLS 1.3
The AEAD additional data (AAD) is computed differently in TLS 1.3
compared to TLS 1.2, but this change hasn't yet been reflected in
the codee, rendering the current implementation of

```
   mbedtls_ssl_{encrypt,decrypt}_buf()
```

not standard compliant.

This commit fixes this by adjusting the AAD extraction function
ssl_extract_add_data_from_record() and its call-sites.

Please see the documentation of the code for an explanation
of how the AAD has changed from TLS 1.2 to TLS 1.3.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:52:49 +01:00
Hanno Becker
c94060c641 Add TLS 1.3 specific key to SSL transform conversion function
This commit adds the TLS 1.3 specific internal function

```
  mbedtls_ssl_tls13_populate_transform()
```

which creates an instance of the SSL transform structure
`mbedtls_ssl_transform` representing a TLS 1.3 record protection
mechanism.

It is analogous to the existing internal helper function

```
   ssl_tls12_populate_transform()
```

which creates transform structures representing record
protection mechanisms in TLS 1.2 and earlier.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:52:49 +01:00
Hanno Becker
bd25755d2a Rename ssl_populate_transform() -> ssl_tls12_populate_transform()
In TLS 1.2 specific code, the internal helper functions
ssl_populate_transform() builds an SSL transform structure,
representing a specific record protection mechanism.

In preparation for a subsequent commit which will introduce
a similar helper function specific to TLS 1.3, this commmit
renames ssl_populate_transform() to ssl_tls12_populate_transform().

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:52:45 +01:00
Hanno Becker
dce50974bf Prefix "version" with "library" or "protocol" to avoid ambiguity
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-01 05:39:23 +01:00
Hanno Becker
37bdbe6c4d Remove mentions of truncated HMAC from ssl_tls.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-01 05:38:58 +01:00
Manuel Pégourié-Gonnard
8da9dc05e8
Merge pull request #4748 from TRodziewicz/re-introduce_ext_checks_for_psa_unlock-wipe_key_slot
Re-introduction of key slot checks
2021-07-29 13:45:57 +02:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
2021-07-27 09:42:53 +02:00
Hanno Becker
fadbdbb576 Store TLS version in SSL session structure
Instances of `mbedtls_ssl_session` represent data enabling session resumption.

With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.

This commit introduces such a TLS-version field to mbedtls_ssl_session.

The change has a few ramifications:

- Session serialization/deserialization routines need to be adjusted.

  This is achieved by adding the TLS-version after the header of
  Mbed TLS version+config, and by having the subsequent structure
  of the serialized data depend on the value of this field.

  The details are described in terms of the RFC 8446 presentation language.

  The 1.2 session (de)serialization are moved into static helper functions,
  while the top-level session (de)serialization only parses the Mbed TLS
  version+config header and the TLS-version field, and dispatches according
  to the found version.

  This way, it will be easy to add support for TLS 1.3 sessions in the future.

- Tests for session serialization need to be adjusted

- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
  we will need to have some logic comparing the TLS version of the proposed session
  to the negotiated TLS version. For now, however, we only support TLS 1.2,
  and no such logic is needed. Instead, we just store the TLS version in the
  session structure at the same point when we populate mbedtls_ssl_context.minor_ver.

The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-23 06:25:48 +01:00
Gilles Peskine
3b9bea0757
Merge pull request #4750 from yutotakano/fix-reserved-identifier-clash
Replace reserved identifier clashes with suitable replacements
2021-07-22 16:20:56 +02:00
Yuto Takano
538a0cbcf4 Replace _RR with prec_RR to prevent reserved identifier clashes
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-14 10:20:09 +01:00
TRodziewicz
c9890e9a8c Rewording comments
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-14 10:16:26 +02:00
TRodziewicz
829fe7038d Correction to callback declaration and usage
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-13 12:23:12 +02:00
TRodziewicz
18cddc08c7 Reverting comments deleted in previous PR
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-13 12:19:15 +02:00
Yuto Takano
36c8ddc4cc Replace _B with B to prevent reserved identifier clashes
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-12 16:02:07 +01:00
Archana
277572fa2b Fix coding style issue
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 09:00:57 +05:30
Archana
1d2e2bb8cc Add missing Curve448 support for PSA keys
mbedtls_ecp_read_key and mbedtls_ecp_write_key are updated to include
support for Curve448 as prescribed by RFC 7748 §5.

Test suites have been updated to validate curve448 under Montgomery
curves.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 08:02:54 +05:30
TRodziewicz
299510e889 Correction to comments and changelog removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 16:55:11 +02:00
TRodziewicz
7871c2e736 Adding new macro for tests failing
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 14:27:04 +02:00
David Horstmann
44f6390c32 Remove redundant hash len check
Remove a check in rsa_rsassa_pkcs1_v15_encode() that
is not needed because the same check is performed
earlier. This check was added in #4707.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-07-08 12:46:26 +01:00
TRodziewicz
458280e67c Correction to outdated comment
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-07 11:33:06 +02:00
Dave Rodgman
45419c1ee5 Revert "Add auto-generated files"
This reverts commit 3e84187132.
2021-07-06 20:44:59 +01:00
TRodziewicz
345165c1f7 Reverting deleted macros
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-06 13:42:11 +02:00
TRodziewicz
302ed2bf7d Reverting the TLS 1.3 compatibility
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-05 16:55:27 +02:00
TRodziewicz
d9be65277d Corrections to the new functions names and error message wording
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-05 15:16:00 +02:00
TRodziewicz
053b99b90b Re-introduction of key slot chekcs
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-05 12:06:03 +02:00
Dave Rodgman
527b82a34c Bump .so version numbers to stay ahead of 2.x
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-07-02 15:19:38 +01:00
Dave Rodgman
3e84187132 Add auto-generated files
Add files generated by running make generated_files

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-07-01 09:45:38 +01:00
Dave Rodgman
7601657418 Bump library version numbers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 23:09:51 +01:00
Dave Rodgman
34d8cd2892 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.0.0rc0-pr 2021-06-30 22:51:02 +01:00
Dave Rodgman
9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher
Implement one-shot cipher
2021-06-30 17:04:23 +01:00
Dave Rodgman
0a7ff4a4e2
Merge pull request #4741 from gabor-mezei-arm/3267_fp30_sign_verify_key_policies
Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
2021-06-30 14:50:57 +01:00
gabor-mezei-arm
5ce25d7806
Remove obsolete comment
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-30 10:46:00 +02:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0
Cleanup SSL error code space
2021-06-30 09:02:55 +01:00
gabor-mezei-arm
00e54f1133
Fix minor issues
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:25 +02:00
gabor-mezei-arm
6158e283cc
Check the return status of the functions first
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:24 +02:00
gabor-mezei-arm
58c1727775
Add buffer overflow check
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:24 +02:00
gabor-mezei-arm
3f860e4c18
Remove invalid buffer overflow check
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:24 +02:00
gabor-mezei-arm
47a8e14bb7
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:01 +02:00
gabor-mezei-arm
0a93b665f7
Fix possible unreachable code
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:01 +02:00
gabor-mezei-arm
90fceea268
Update documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:01 +02:00
gabor-mezei-arm
258ae07fb0
Add checks for buffer size
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
e5ff8f430c
Use local variable instead of an ouput parameter
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
6f4e5bbe37
Initialize output buffer length to 0
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
0dfeaaf5c9
Remove confising comments
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
9951b50b8a
Remove comments
These comment cannot bring more information than the code does.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
42cdb2a90b
Fix struct initialization
Fix initialization of mbedtls_psa_cipher_operation_t by not initializing the mbedtls_cipher_context_t typed field completely.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
a9449a0b07
Dispatch cipher functions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:48:59 +02:00
gabor-mezei-arm
ba0fa75eae
Implement one-shot cipher
Implement one-shot cipher APIs, psa_cipher_encrypt and psa_cipher_decrypt, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:14:34 +02:00
gabor-mezei-arm
95180fe808
Fix comment
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:33 +02:00
gabor-mezei-arm
43110b6b2c Do key usage policy extension when loading keys
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:05:49 +02:00
Dave Rodgman
39bd5a655e Address review comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 15:25:21 +01:00
Dave Rodgman
c50b717a19 Update a couple of ssl error codes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 14:40:23 +01:00
Dave Rodgman
bed8927538 Correct some TLS alerts and error codes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 12:06:44 +01:00
Dave Rodgman
bb05cd09b7 Remove MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 10:41:06 +01:00
Dave Rodgman
53c8689e88 Introduce new TLS error codes
Introduce new codes:
* MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION
* MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL

These are returned when the corresponding alert is raised.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 10:02:06 +01:00