yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
22528 commits 1 branch 0 tags 94 MiB
Commit graph

9961 commits

Author SHA1 Message Date
Ronald Cron
2a87e9bf83 tls: Align set and usage check for PSK 
Check that the identity length is not
zero in ssl_conf_set_psk_identity()
as it is done in
mbedtls_ssl_conf_has_static_psk().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
fa1e04a7c4 tls13: keys: Fix PSK build only case 
When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
9a6a49c7cb tls13: keys: Fail if the group type is not ECDHE or DHE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
b15d4d8966 tls13: keys: Fix error code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
3b056202d3 tls13: keys: Do not use handshake->premaster 
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.

Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.

Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
4c7edb2b9b tls13: keys: Fix indentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
831fee68c3 tls13: keys: Avoid input buffer copy 
In mbedtls_ssl_tls13_evolve_secret() avoid
to copy the input buffer into a local buffer
as the copy is avoidable.

This also fixes a potential overflow as the
size of the local buffer was not checked when
copying into it.

With the current calls to mbedtls_ssl_tls13_evolve_secret()
no buffer overflow was expected to happen though.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Manuel Pégourié-Gonnard
45c6792faf
Merge pull request #6385 from AndrzejKurek/depends-py-reloaded 
Unified tests/scripts/depends.py - reloaded
 2022-10-21 10:17:58 +02:00
Gilles Peskine
c279b2fa4a Move mbedtls_mpi_core_shift_r to the proper source file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-20 11:40:15 +02:00
Gilles Peskine
6641420951 Bignum core: Break shift_r function out of the classic shift_r 
This commit contains the function prototype for mbedtls_mpi_core_shift_r,
and the implementation minimally modified from mbedtls_mpi_shift_r.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-20 11:40:15 +02:00
Gilles Peskine
4281ae0bd2
Merge pull request #6373 from gilles-peskine-arm/bignum-core-conventions 
Spell out bignum core conventions
 2022-10-19 15:53:33 +02:00
Gilles Peskine
db2996357c
Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum 
Bignum: Add safe conditional assign and swap for the new MPI types
 2022-10-19 15:51:19 +02:00
Andrzej Kurek
9387b7b34e Add a temporary solution to create a seedfile 
This caused problems if a config with SHA512 was
compiled after a config without it and the seedfile
did not contain enough data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
c610e7402e Formatting & unnecessary (void) fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
ecb630925f Fix constant name in ssl_tls13_keys 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
e5a5cc1944 Remove the dependency of tls1_3 key evolution tests on curve25519 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
eabeb30c65 Fix SHA512 vs SHA384 dependencies 
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
c19fb08dd3 Add missing ECDH dependency in tls 1.3 client 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek
68327748d3 Add missing dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek
46a987367c Formatting fix 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek
084334c8f2 Compile constant time masking and hmac if there are suites using MAC 
This is used in TLS 1.2 authentication with NULL cipher,
when there are no TLS_CBC suites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek
2d59dbc032 Use TLS prf only if TLS 1.2 is compiled in 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek
894edde991 Add tls prf handling when there's no SHA256 or SHA384 
Return a null prf function pointer and check for it when populating transform.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek
252283f2aa Fix missing cipher mode dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
David Horstmann
078250eb56 Fix incorrect return style 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-18 18:11:13 +01:00
David Horstmann
178ec96c89 Remove unnecessary NULL assignments 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-18 18:09:30 +01:00
David Horstmann
11307a1933 Clarify wording on allocation 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-17 18:10:23 +01:00
Aditya Deshpande
cfb441d5ee Fix spacing and formatting 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-10-17 15:17:30 +01:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development 
Add LMS implementation
 2022-10-14 18:33:01 +02:00
Aditya Deshpande
40c05cc8e4 Newlines at end of file + trim trailing whitespace 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-10-14 16:46:51 +01:00
Aditya Deshpande
17845b8f71 Add driver wrapper function for raw key agreement, along with test call for transparent drivers. 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-10-14 16:46:00 +01:00
Gilles Peskine
dcd1717f5f Forbid aliasing outputs 
Aliasing between two outputs is hardly ever useful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-14 17:15:21 +02:00
Gabor Mezei
4086de667d
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-10-14 16:29:42 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test 
Enable testing of AEAD drivers with libtestdriver1
 2022-10-14 11:11:01 +02:00
Raef Coles
1951259a10
Update how lms.c imports platform.h 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 16:47:13 +01:00
Ronald Cron
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check 
Add server name check when proposing pre-share key
 2022-10-13 16:00:59 +02:00
Raef Coles
cbd02adc6e
Simplify LMS context freeing 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:32 +01:00
Raef Coles
45c4ff93c9
Fix windows requiring explicit cast in LMS calloc 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:14 +01:00
Raef Coles
142e577c34
Add extra zeroization to LMS and LMOTS 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:03 +01:00
Raef Coles
9fc303a99a
Add extra LMOTS import negative tests 
And fix failures that are related to the new tests

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:01 +01:00
Raef Coles
4829459c90
Validate LMOTS sig length before parsing type 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:47 +01:00
Raef Coles
285d44b180
Capitalize "Merkle" in LMS and LMOTS code 
As it is a proper noun

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:43 +01:00
Raef Coles
faf59babe8
Make LMS verification return VERIFY_FAILED more 
To align with PSA error code rules on when VERIFY_FAILED is returned vs
INVALID_ARGUMENT

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:42 +01:00
Raef Coles
fbd60ec775
Change LMS and LMOTS init functions to use memset 
Instead of zeroize

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:40 +01:00
Raef Coles
9b0daf60fb
Improve LMS private function warning 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:38 +01:00
Raef Coles
f6cb5a4826
Fix LMS return statements having incorrect style 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:35 +01:00
Raef Coles
75b4c7790e
Fix LMS internal function documentation 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:34 +01:00
Raef Coles
d48f7e90bb
Allocate LMS C_RANDOM_VALUE as hash size 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:32 +01:00
Raef Coles
1fb2f32ef5
Check LMS offsets are sane at runtime 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:31 +01:00
Raef Coles
e34e3c0e59
Remove unneeded cast in LMS calloc 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:30 +01:00
Raef Coles
370cc43630
Make LMS public key export part of public key api 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:28 +01:00
Raef Coles
e89488debf
Fix bug in LMS public key loading 
To avoid using the type before it is parsed from the signature

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:27 +01:00
Raef Coles
3f6cdd7aab
Fix LMS not checking RNG function return value 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:24 +01:00
Raef Coles
02cf8234b4
Fix ots sig length check in LMS validate function 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:22 +01:00
Raef Coles
f36874a535
Fix error type of lms_import_public_key 
Was returning an incorrect error when bad public key sizes were input

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:21 +01:00
Raef Coles
dc8fb79e09
Simplify LMS private key generation error handling 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:20 +01:00
Raef Coles
be3bdd8240
Rename LMS and LMOTS init/free functions 
To match convention

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:18 +01:00
Raef Coles
29117d2e4e
Update LMS PSA error conversion 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:17 +01:00
Raef Coles
be0c2f9183
Update LMS local variable allocation 
To use a default failure value, and to avoid a call to
psa_hash_operation_init()

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:15 +01:00
Raef Coles
2ac352a322
Make LMS functions args const where required 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:14 +01:00
Raef Coles
5127e859d7
Update LMS and LMOTS dependency macros 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:11 +01:00
Raef Coles
56fe20a473
Move MBEDTLS_PRIVATE required defines into lms.h 
From lmots.h, as it is a private header

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:10 +01:00
Raef Coles
ab300f15e8
Move public header content from lmots.h to lms.h 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:08 +01:00
Raef Coles
0b7da1b787
Fix overflow in LMS context init 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:03 +01:00
Raef Coles
57d5328ad5
Remove MBEDTLS_LM(OT)S prefix from internal macros 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:00 +01:00
Raef Coles
ad05425ab7
Update naming of internal LMS functions 
To comply with the mbedtls_ requirement

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:59 +01:00
Raef Coles
40158e11fc
Add LMOTS test hook to header 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:58 +01:00
Raef Coles
3982040232
Fix LMS zeroization using wrong sizeof type 
Causing a buffer write out of bounds

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:55 +01:00
Raef Coles
98d6e22050
Remove doxygen markup from internal LMS functions 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:54 +01:00
Raef Coles
40f184c83e
Cast LMS allocation sizes to size_t 
To prevent implict casting errors on 64-bit platforms

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:52 +01:00
Raef Coles
1310ecb389
Update LMOTS function documentation 
To avoid CI failure

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:51 +01:00
Raef Coles
9c9027b1a4
Add extra LMS and LMOTS tests 
NULL-message and LMOTS signature leak tests

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:50 +01:00
Raef Coles
fa24f9d6ea
Minor fixes to LMS and LMOTS macros 
Update some names, use the correct macro in certain places.

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:48 +01:00
Raef Coles
0a967ccf9a
Document LMS and LMOTS internal functions 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:47 +01:00
Raef Coles
8738a49d0c
Fix iterator types in LMOTS 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:45 +01:00
Raef Coles
e0a17610d1
Fix LMS/LMOTS if-statement style 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:41 +01:00
Raef Coles
9b88ee5d5d
Fix LMS and LMOTS coding style violations 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:40 +01:00
Raef Coles
366d67d9af
Shorted LMS and LMOTS line-lengths 
To attempt to comply with the 80-char suggestion

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:38 +01:00
Raef Coles
e9479a0264
Update LMS API to support multiple parameter sets 
Parameterise macros to allow variation of sizes

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:36 +01:00
Raef Coles
ab4f87413a
Add MBEDTLS_LMS_PRIVATE define 
To enable private key operations

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:35 +01:00
Raef Coles
ebd35b5b80
Rename LMS internal tree-manipulation functions 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:31 +01:00
Raef Coles
891c613f31
Update LMOTS signature use of temporary variables 
Document them properly, and move random value to a temporary variable

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:29 +01:00
Raef Coles
0c88d4e447
Remove superfluous casts in LMS and LMOTS 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:28 +01:00
Raef Coles
f5632d3efc
Remove MBEDTLS_PRIVATE usage from LMS and LMOTS 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:27 +01:00
Raef Coles
01c71a17b3
Update LMS and LMOTS api 
Fix function names and parameters. Move macros to be more private.
Update implementation.

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:25 +01:00
Raef Coles
c8f9604d7b
Use PSA hashing for LMS and LMOTS 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:23 +01:00
Raef Coles
7dce69a27a
Make LMOTS a private api 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:22 +01:00
Raef Coles
8ff6df538c
Add LMS implementation 
Also an LM-OTS implementation as one is required for LMS.

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:15 +01:00
Manuel Pégourié-Gonnard
02f82bbfa9 Fix MSVC warning 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-13 13:32:02 +02:00
Manuel Pégourié-Gonnard
f155ab9a91 Abort on errors when we should 
We're not strictly required to abort, but at least to leave the context
is an invalid state. For "late" functions like input() and output(),
calling abort() is the easiest way to do that. Do it systematically for
input() and output() by using a wrapper. psa_pake_get_implicit_key() was
already doing it. For "early" function, we can just leave the operation
in its current state which is already invalid.

Restore previous tests about that. Not adding systematic tests, though,
just test the two functions that are the most important, and more likely
to return errors.

Since we now abort in more cases, we need to make sure we don't
invalidate the operation that's going to be re-used later in the test.
For that reason, use a copy of the operation for calls to input() and
output() that are expected to return errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-13 13:20:31 +02:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 
Include platform.h unconditionally
 2022-10-13 10:19:22 +02:00
Xiaokang Qian
28af501cae Fix the ticket_lifetime equal to 0 issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-13 08:18:19 +00:00
Xiaokang Qian
126bf8e4d7 Address some comments 
Delete reference immediately after shallow copy
Fix format issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-13 02:57:15 +00:00
Xiaokang Qian
997669aeeb Fix heap use-after-free corruption issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 14:30:27 +00:00
Xiaokang Qian
307a7303fd Rebase and replace session_negotiate 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:14:32 +00:00
Xiaokang Qian
baa4764d77 Fix typo issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
8730644da1 Move ticket and hostname set code just after shallow-copy 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed3afcd6c3 Fix various typo and macro guards issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed0620cb13 Refine code base on comments 
Move code to proper macro guards protection
Fix typo issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
03409290d2 Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
d7adc374d3 Refine the server name compare logic 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
a3b451f950 Adress kinds of comments base on review 
Rename function name to mbedtls_ssl_session_set_hostname
Add two extra check cases for server name
Fix some coding styles

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
2f9efd3038 Address comments base on review 
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:49 +00:00
Xiaokang Qian
bc663a0461 Refine code based on commnets 
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:05:11 +00:00
Xiaokang Qian
be98f96de2 Remove useless hostname check in server side 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian
6af2a6da74 Fix session save-load overflow issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian
ecd7528c7f Address some comments 
Hostname_len has at least one byte
Change structure serialized_session_tls13
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types 
Test TLS 1.2 builds with each encryption type
 2022-10-12 12:45:50 +02:00
Jerry Yu
c79742303d Remove unnecessary empty line and fix format issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-11 21:22:33 +08:00
Jerry Yu
22c18c1432 Add NULL check in prepare hello 
`session_negotiate` is used directly in `ssl_prepare_client_hello`
without NULL check. Add the check in the beggining to avoid segment
fault.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-11 18:07:19 +08:00
Jerry Yu
c2bfaf00d9 fix wrong typo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-11 18:07:19 +08:00
Jerry Yu
4f77ecf409 disable session resumption when ticket expired 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 22:10:08 +08:00
Jerry Yu
03aa174d7c Improve test message and title 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:48:37 +08:00
Jerry Yu
6916e70521 fix various issues 
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:33:51 +08:00
Jerry Yu
21092062f3 Restrict cipher suite validation to TLS1.3 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:21:31 +08:00
Gabor Mezei
d7edb1d225
Initialize variable 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-10-10 14:32:09 +02:00
Gabor Mezei
e9c013c222
Handle if parameters are alised 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-10-10 14:26:57 +02:00
Przemek Stekiel
88ade84735 psa_aead_setup: remove redundant tag length check 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-08 17:56:18 +02:00
Przemek Stekiel
6ab50762e0 psa_aead_setup: validate tag length before calling driver setup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-08 17:54:30 +02:00
Jerry Yu
a99cbfa2d3 fix various issues 
- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:35:47 +08:00
Jerry Yu
40afab61a8 Add ciphersuite check in set_session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:35:43 +08:00
Jerry Yu
21f9095fa8 Revert "move ciphersuite validation to set_session" 
This reverts commit 19ae6f62c7.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:35:34 +08:00
Jerry Yu
379b91a393 add ticket age check 
Remove ticket if it is expired.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 10:21:15 +08:00
David Horstmann
91e20a0580 Refactor macro-spanning ifs in ecdh.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:42 +01:00
David Horstmann
fc735dffd6 Refactor macro-spanning ifs in ecp.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:42 +01:00
David Horstmann
8a7629fd0f Refactor macro-spanning if in asn1write.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:42 +01:00
David Horstmann
2788f6b668 Refactor macro-spanning if in sha512.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:42 +01:00
David Horstmann
687262ca7d Refactor macro-spanning if in sha256.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:42 +01:00
David Horstmann
21b89761f8 Refactor macro-spanning if in ssl_tls13_server.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:42 +01:00
David Horstmann
10be134d8e Refactor macro-spanning if in ssl_msg.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:42 +01:00
David Horstmann
4a28563e84 Refactor macro-spanning ifs in ssl_client.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:42 +01:00
David Horstmann
e0af39a2ef Refactor macro-spanning ifs in ssl_tls12_server.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:36 +01:00
Przemek Stekiel
86679c7bd8 psa_validate_tag_length(): use PSA_WANT_ALG_xxx instead MBEDTLS_PSA_BUILTIN_ALG_xxx guards 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-07 08:24:19 +02:00
Jerry Yu
4a698341c9 Re-org selected_identity parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
6183cc7470 Re-org binders writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
f75364bee1 Re-organize identities writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
8b41e893a2 fix various issues 
- Re-order code and comments
  - move comment above `write_identities`
  - move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
19ae6f62c7 move ciphersuite validation to set_session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
25ab654781 Add dummy ticket support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
b300e3c5be add selected_identity parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
1a0a0f4416 Add binders writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
f7c125917c Add identites writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
0c6105bc9e empty pre_shared_key functions 
To easy review

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
8897c07075 Add server only guards for psk callback 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
David Horstmann
b21bbef061 Refactor macro-spanning if in ssl_tls12_client.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-06 18:00:51 +01:00
David Horstmann
3b2276a439 Refactor macro-spanning ifs in ssl_tls.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-06 17:59:57 +01:00
Przemek Stekiel
8a05a646f4 Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-06 17:01:58 +02:00
Przemek Stekiel
ff1efc9a84 psa_aead_check_nonce_length: Fix unused variable warining 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-06 16:53:47 +02:00
David Horstmann
0763ccf04f Refactor ARIA_SELF_TEST_IF_FAIL macro 
Change the ARIA_SELF_TEST_IF_FAIL macro to be more code-style friendly.
Currently it expands to the body of an if statement, which causes
problems for automatic brace-addition for if statements.

Convert the macro to a function-like macro that takes the condition as
an argument and expands to a full if statement inside a do {} while (0)
idiom.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-06 14:32:30 +01:00
Manuel Pégourié-Gonnard
0771d41584 Fix missing length check 
There was a check against the remaining size of the buffer, which used
to be correct, but was broken two commits ago when we started not just
copying the input but also adding to it.

Replace it with a check that the input length is not greater that what's
expected for this step. This guarantees we won't overflow the internal
buffer.

While at it, add an explicit cast to uint8_t when writing the length to
the buffer, so silence an MSVC warning. This cast is safe because we
checked that the length is no larger than 65 or 32 (depending on the
step), so in any case is fits in one byte.

This was found because some lengths had not been adjusted in the test
suite, and instead of failing cleanly, library code performed buffer
overflows. I'll fix the tests in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-06 09:30:34 +02:00
Manuel Pégourié-Gonnard
79617d99ae Fix namespacing issue 
This macro is specific to the Mbed TLS implementation and not part of
the public API, so it shouldn't used the PSA_ namespace.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-05 12:55:50 +02:00
Manuel Pégourié-Gonnard
ec7012dbc7 Fix I/O format of PSA EC J-PAKE for compliance 
The format used by the mbedtls_ecjpake_xxx() APIs and that defined by
the PSA Crypto PAKE extension are quite different; the former is
tailored to the needs of TLS while the later is quite generic and plain.
Previously we only addressed some part of this impedance mismatch: the
different number of I/O rounds, but failed to address the part where the
legacy API adds some extras (length bytes, ECParameters) that shouldn't
be present in the PSA Crypto version. See comments in the code.

Add some length testing as well; would have caught the issue.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-05 12:52:48 +02:00
David Horstmann
ed79483aca Free structs in mbedtls_x509_get_name() on error 
mbedtls_x509_get_name() allocates a linked list of mbedtls_x509_name
structs but does not free these when there is an error, leaving the
caller to free them itself. Change this to cleanup these objects within
the function in case of an error.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-05 11:51:16 +01:00
Gilles Peskine
01af3ddc82 Fixed confusion between number size and limb size; define limb 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-04 16:23:29 +02:00
Gilles Peskine
2926484de1 Describe generic conventions for the bignum core module 
This commit codifies some conventions that result from the original design
goals and others that have emerged after starting the implementation.

* Value ranges
* Bignum parameter naming and ordering
* Sizes
* Aliasing and overlap
* Error handling

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-04 14:51:21 +02:00
Gilles Peskine
7aab2fbe41 Add a short description of what each module does 
There was already a short introduction to _who_ should use each module, but
not to _what_ each module does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-04 14:50:17 +02:00
Gilles Peskine
7f887bdc05 Move license out of Doxygen comment 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-04 14:50:17 +02:00
Gabor Mezei
dba2677597
Update documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-10-03 17:01:02 +02:00
Denis V. Lunev
2df73ae742 mbedtls: fix possible false success in ...check_tags() helpers 
We should report a error when the security check of the security
tag was not made. In the other case false success is possible and
is not observable by the software.

Technically this could lead to a security flaw.

Signed-off-by: Denis V. Lunev <dlunev@gmail.com>
 2022-09-30 17:15:49 +01:00
Gabor Mezei
86dfe384c2
Fix documentation tags to be lower case 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 14:03:04 +02:00
Gabor Mezei
e5b8585f1e
Follow parameter naming convention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:54:02 +02:00
Gabor Mezei
1c628d5700
Follow parameter naming comvention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:40 +02:00
Gabor Mezei
3eff425b1a
Use only one limb parameter for assign 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:40 +02:00
Gabor Mezei
81e57021c6
Change the input parameters to be const 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:40 +02:00
Gabor Mezei
2b5bf4cec7
Fix doumentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:40 +02:00
Gabor Mezei
f4dd3b6a6d
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:40 +02:00
Gabor Mezei
cfc0eb8d22
Remove unused parameter 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:39 +02:00
Gabor Mezei
87638a9ead
Add missing include 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:39 +02:00
Gabor Mezei
63c3282ec4
Remove retrun code from mod_raw_cond_assign/swap 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:39 +02:00
Gabor Mezei
24d183aa00
Use the new swap and assign function in the old interface 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:39 +02:00
Gabor Mezei
9f6615f146
Remove argument checking from constant time functions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:36:39 +02:00
Gabor Mezei
12071d4403
Add conditional assign and swap function for MPI modulus 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:33:35 +02:00
Gabor Mezei
e1d31c4aad
Add conditional swap and assign function for MPI core 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-09-30 13:33:30 +02:00
Gilles Peskine
845de0898e
Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication 
Montgomery multiplication from bignum prototype
 2022-09-30 10:35:21 +02:00
Tom Cosgrove
6da3a3b15f Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-29 17:20:18 +01:00
Victor Barpp Gomes
47c7a732d2 Print RFC 4108 hwSerialNum in hex format 
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
 2022-09-29 11:34:23 -03:00
Tom Cosgrove
4386ead662 Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-29 14:40:21 +01:00
Przemek Stekiel
ce5b68c7a3 Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions" 
This reverts commit a82290b727.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-29 15:29:18 +02:00
Ronald Cron
77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases 
TLS 1.3: Add PSK client cases
 2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2 
Permissions 2b: TLS 1.3 sigalg selection
 2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 
Ad-hoc KDF for EC J-PAKE in TLS 1.2
 2022-09-28 09:47:32 +02:00
Xiaokang Qian
ca343ae280 Improve message logs and test cases description in psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-09-28 02:07:54 +00:00
Przemek Stekiel
4c49927bad Fix unused variables warnings in default + stream cipher only build 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-27 15:04:14 +02:00
Przemek Stekiel
a82290b727 Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions 
Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-27 15:04:14 +02:00
Przemek Stekiel
89ad62352d Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq() 
Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-27 15:04:14 +02:00
Ronald Cron
c27a9074c4 tls13: server: Add comment when trying another sig alg 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-27 10:07:55 +02:00
Xiaokang Qian
cb6e96305f Change kex mode string name 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-09-27 08:02:41 +00:00
Ronald Cron
b72dac4ed7 Fix PSA identifier of RSA_PKCS1V15 signing algorithms 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-27 09:25:47 +02:00
Andrzej Kurek
b510cd2c50 Fix a copy-paste error - wrong macro used 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-26 10:50:22 -04:00
Andrzej Kurek
5603efd525 Improve readability and formatting 
Also use a sizeof instead of a constant for zeroization, as
requested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-26 10:49:16 -04:00
Nick Child
5f9456f3e3 pkcs7: Fix trailing whitespace 
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-26 09:18:12 -05:00
Xiaokang Qian
5beec4b339 Refine ssl_get_kex_mode_str() for easy automatic generation 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-09-26 08:23:45 +00:00
Xiaokang Qian
ac8195f4f7 Fix wrongly kex mode fallback issue in psk cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-09-26 06:31:58 +00:00
Gilles Peskine
5596c74a98
Merge pull request #6140 from Zaya-dyno/validation_remove_change_auth_enc 
Validation remove change auth enc
 2022-09-23 17:04:31 +02:00
Gilles Peskine
12a1e85caa
Merge pull request #6138 from Zaya-dyno/validation_remove_change_key_agree 
Validation remove change key agree
 2022-09-23 17:04:20 +02:00
Gilles Peskine
87953f228f
Merge pull request #6091 from Zaya-dyno/validation_remove_change_pk 
Validation remove change pk
 2022-09-23 17:03:30 +02:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets 
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
 2022-09-23 15:48:33 +01:00
Xiaokang Qian
8939930b82 Rebase and fix some test failures 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-09-23 01:49:33 +00:00
Xiaokang Qian
5001bfc619 Add key exchange mode log in client side 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-09-23 01:49:33 +00:00
XiaokangQian
335cfaadf9 Finalize client side code for psk 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-09-23 01:48:26 +00:00
Jerry Yu
359e65f784 limit session ticket number when resumption 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-22 23:47:43 +08:00
Jerry Yu
f3bdf9dd51 fix various issues 
- improve document about configuration item.
- format issue
- variable type issue.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-22 23:47:14 +08:00
Tom Cosgrove
87d9c6c4d8 Ensure client mbedtls_ssl_handshake_step() returns success for HELLO_REQUEST 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-22 09:27:56 +01:00
Gilles Peskine
07ba2be20b
Merge pull request #6304 from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg 
TLS 1.3: PSK: Exclude pre_shared_key for HRR
 2022-09-22 10:21:06 +02:00
Manuel Pégourié-Gonnard
1475ac49a4
Merge pull request #6107 from Zaya-dyno/validation_remove_change_hash 
Validation remove change hash
 2022-09-22 09:24:44 +02:00
Manuel Pégourié-Gonnard
d5c82fb821
Merge pull request #6085 from Zaya-dyno/validation_remove_change_cipher 
Validation remove and change in files related to cipher in library
 2022-09-22 09:10:13 +02:00
Jerry Yu
b7e3fa7fbd move count decrement after success sent 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-22 13:21:29 +08:00
Jerry Yu
d0766eca58 fix various issues 
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-22 13:21:29 +08:00
Tom Cosgrove
2fdc7b3599 Return an error from mbedtls_ssl_handshake_step() if neither client nor server 
This prevents an infinite loop in mbedtls_ssl_handshake(). Fixes #6305.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-21 12:33:17 +01:00
Tom Cosgrove
c573882674 Merge remote-tracking branch 'upstream/development' into issue-6015-montgomery-multiplication 2022-09-21 12:08:43 +01:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up 
Driver only hashes wrap-up
 2022-09-21 08:29:46 +02:00
Tom Cosgrove
4782823ec3 Ensure we explicitly document the modulus for fixed-width arithmetic 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-20 13:51:50 +01:00
Tom Cosgrove
b0b77e1b13 Document and test aliasing of the bignums given to mbedtls_mpi_core_mla() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-20 13:33:40 +01:00
Ronald Cron
067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature 
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:30:13 +02:00
Ronald Cron
38391bf9b6 tls13: Do not impose minimum hash size for RSA PSS signatures 
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.

We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:29:41 +02:00
Ronald Cron
67ea2543ed tls13: server: Add sig alg checks when selecting best certificate 
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:26:32 +02:00
Tom Cosgrove
ea45c1d2d4 Document and test aliasing of output for mbedtls_mpi_core_montmul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-20 13:17:51 +01:00
Jerry Yu
d4e7500a07 Enable multi session tickets on Server 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-19 14:24:03 +08:00
Jerry Yu
1ad7ace6b7 Add conf new session tickets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-19 14:22:21 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Andrzej Kurek
7763829c5c Add missing ifdef when calculating operation capacity 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 12:24:52 -04:00
Andrzej Kurek
3c4c514302 Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 07:24:14 -04:00
Andrzej Kurek
b093650033 Add proper capacity calculation for EC J-PAKE to PMS KDF 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 07:13:00 -04:00
Andrzej Kurek
702776f7cc Restrict the EC J-PAKE to PMS input type to secret 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 06:22:44 -04:00
Jerry Yu
ad4d2bb3e1 Exclude pre_shared_key for HRR 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-16 18:16:49 +08:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public. 
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:02:48 +02:00
Jerry Yu
6ee726e1ab Replace md translation function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-16 16:32:27 +08:00
Jerry Yu
a5df584d87 fix build fail for test_psa_crypto_config_accel_hash_use_psa 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-16 11:28:54 +08:00
Gilles Peskine
ed1c7f4cd7 Include platform.h unconditionally: gcm 
gcm.c had a slightly different pattern for the conditional inclusion of
platform.h which didn't fit the general replacement. Simplify it manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:34:50 +02:00
Gilles Peskine
e9b55929dc Remove useless platform macro redefinitions: automatic part 
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.

This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:34:15 +02:00
Gilles Peskine
a7aa80c058 Include platform.h unconditionally: second automatic part 
Some source files included platform.h in a nested conditional. The previous
commit "Include platform.h unconditionally: automatic part" only removed
the outer conditional. This commit removes the inner conditional.

This commit once again replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:34:10 +02:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part 
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:33:07 +02:00
Tom Cosgrove
3bd7bc3add Use X rather than A for accumulator-style input (and output!) params, and rename others accordingly 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:55:07 +01:00
Tom Cosgrove
5c0e8104bc Prefer 'fixed-size' to 'known-size' in doc comments 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:46:10 +01:00
Tom Cosgrove
b7438d1f62 Update name of mbedtls_mpi_montg_init() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:05:59 +01:00
Tom Cosgrove
2701deaa4b Use mbedtls_ct_mpi_uint_mask() rather than rolling our own 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:00:07 +01:00
Tom Cosgrove
818d992cc7 Note that T must not overlap other parameters of mbedtls_mpi_core_montmul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 14:58:10 +01:00
Przemek Stekiel
dca224628b ssl_tls13_select_sig_alg_to_psa_alg: optimize code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
f937e669bd Guard new code with MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
3c326f9697 Add function to convert sig_alg to psa alg and use it 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
b40f2e81ec TLS 1.3: Take into account key policy while picking a signature algorithm 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:10:19 +02:00
Manuel Pégourié-Gonnard
c42c7e660e Update documentation in legacy_or_psa.h 
- Some things that were indicated as in the near future are now done.
- Clarify when these macros are needed and when they're not.
- Prepare to make the header public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-15 11:28:24 +02:00
Manuel Pégourié-Gonnard
1dc37258de Style: wrap a long line 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-15 11:10:26 +02:00
Manuel Pégourié-Gonnard
409a620dea
Merge pull request #6255 from mprse/md_tls13 
Driver-only hashes: TLS 1.3
 2022-09-15 10:37:46 +02:00
Jerry Yu
0a55cc647c Remove unnecessary var and improve comment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-15 16:15:06 +08:00
Manuel Pégourié-Gonnard
18dff1f226
Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake 
Expose ECJPAKE through the PSA Crypto API
 2022-09-15 09:25:55 +02:00
Nick Child
8ce1b1afc8 pkcs7: Correct various syntatical mistakes 
Resond to feedback from the following comments:
 - use correct spacing [1-7]
 - remove unnecessary parenthesis [8]
 - fixup comments [9-11]
 - remove unnecessary init work [12]
 - use var instead of type for sizeof [13]
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953655691
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953661514
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953689929
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953696384
[5] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697558
[6] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697793
[7] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697951
[8] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953699102
[9] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r971223775
[10] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967133905
[11] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967135932
[12] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967151430
[13] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967154159
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-14 15:13:52 -05:00
Nick Child
34d5e931cf pkcs7: Use better return code for unimplemented specifications 
In response to feedback [1] [2], use MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
instead of MBEDTLS_ERR_PKCS7_INVALID_FORMAT for errors due to the
pkcs7 implemntation being incomplete.

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953649079
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953658276

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-14 14:44:03 -05:00
Nick Child
7089ce8381 pkcs7: Handle md errors in multisigner pkcs7 verification 
In resonse to feedback [1], if `mbedtls_md_info_from_type` were to
fail then skip the signer and try the next one.

Additionally, use a for loop instead of a while loop when iterating
over signers because it simplifies the use of `continue`.

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967198650
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-14 14:18:00 -05:00
Andrzej Kurek
d60907b85d Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 14:57:51 -04:00
Jerry Yu
f7dad3cfbe fix various issues 
- Naming
- format
- Reduce negative tolerance window

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 22:31:39 +08:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2 
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:39:26 -04:00
Ronald Cron
208257b39f
Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests 
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
 2022-09-14 14:21:46 +02:00
Przemyslaw Stekiel
ab9b9d4669 ssl_tls13_keys.h: use PSA max hash size 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 13:51:07 +02:00
Przemyslaw Stekiel
da6452578f ssl_tls13_generic.c: fix hash buffer sizes (use PSA_HASH_MAX_SIZE) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 12:50:51 +02:00
Neil Armstrong
6a12a7704d Fix typo in comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-14 12:17:42 +02:00
Przemyslaw Stekiel
004c2181f0 ssl_misc.h: hash guards adaptations 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 11:00:57 +02:00
Jerry Yu
acff823846 Add negative tolerance window 
If `now == session->start` or the timer of
client is faster than server, client age might
be bigger than server.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 14:50:44 +08:00
Jerry Yu
95db17ed5f fix various issues 
- improve obfuscated ticket age generator
- improve psk getter

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 10:37:58 +08:00
Przemek Stekiel
0852ef8b96 mbedtls_ssl_reset_transcript_for_hrr: remove redundant 'else' statement 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
9dfbf3a006 ssl_tls13_generic.c: optimize code to save memory 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
153b442cc3 mbedtls_ssl_tls13_sig_alg_is_supported: adapt guards 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
47e3cb1875 ssl_tls13_generic.c: adapt guards for MBEDTLS_SHAxxx_C 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Neil Armstrong
fa84962296 Add comment explaining PSA PAKE vs Mbedtls J-PAKE API matching strategy 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 15:19:56 +02:00
Neil Armstrong
3d4966a5cb Move possible input/output steps check inside PSA_ALG_JPAKE handling 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 15:19:56 +02:00
Neil Armstrong
017db4cdda Drop calls to mbedtls_ecjpake_check() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 15:19:56 +02:00
Neil Armstrong
1d0294f6ed Clarify sequence length calculation comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 15:19:56 +02:00
Neil Armstrong
cb679f23bc Replace 0s with proper defines when possible 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 14:43:07 +02:00
Przemek Stekiel
5166954d14 Make more use of MBEDTLS_MAX_HASH_SIZE macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 12:57:05 +02:00
Jerry Yu
4746b10c2e fix various issues 
- Format issues
- Possible memory leak
- Improve naming and comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:37:46 +08:00
Jerry Yu
8d4bbbae4f fix ticket age check issues 
- Ticket age and ticket age add, obfuscated age
  use different unit. Align the units to million
  seconds.
- Add maximum ticket age check. Until now,
  ticket_lifetime is not recorded in server side.
  Check it with maximum ticket_lifetime.
- Free session when error found.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:37:46 +08:00
Jerry Yu
46bffe0e82 Refine rsumption master secret compute function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:09:49 +08:00
Jerry Yu
466dda8553 Rename resumption master secret compute function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 14:28:15 +08:00
Nick Child
9f4fb3e63f pkcs7: Unite function return style 
In response to feedback[1], standardize return variable
management across all pkcs7 functions.

Additionally, when adding return codes from two error values,
use `MBEDTLS_ERROR_ADD` as recommended [2].

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953634781
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953635128

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-12 16:32:36 -05:00
Neil Armstrong
ecb221b1ff Move operation buffer in operation struct and remove dynamic allocation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-08 11:21:07 +02:00
Hannes Tschofenig
fd6cca4448 CID update to RFC 9146 
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
 2022-09-07 17:15:05 +02:00
Przemek Stekiel
40afdd2791 Make use of MBEDTLS_MAX_HASH_SIZE macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-06 14:18:45 +02:00
Przemek Stekiel
c3f2767c25 hash_info.h: add MBEDTLS_MAX_HASH_SIZE macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-06 14:18:39 +02:00
Neil Armstrong
9720b881f5 Remove doxygen markup outside doxygen block in psa_pake_sequence comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-06 11:39:21 +02:00
Neil Armstrong
b39833cff2 Fix typo in psa_pake_sequence comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-06 11:36:02 +02:00
Jerry Yu
58af2335d9 Add possible group tests for psk with ECDHE 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 14:49:39 +08:00
Jerry Yu
fd310ebf2d fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 09:16:35 +08:00
Neil Armstrong
bcd5bd933e Add a comment expliciting usage of internal PAKE step/state/sequence enums 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 18:34:12 +02:00
Neil Armstrong
5bbdb70131 Fix style in psa_pake_input() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 17:54:15 +02:00
Tom Cosgrove
67c9247ed9 Move the T++ in mbedtls_mpi_core_montmul() to within the loop body 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 13:28:59 +01:00
Andrzej Kurek
216baca131 pkcs5: improve error handling 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:15:34 -04:00
Andrzej Kurek
e3d544c58f Minor PKCS5 improvements 
Add consts, more elegant size calculation and 
variable initialization.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
3d0dfb99c9 Change the pkcs5_pbkdf2_hmac deprecation approach 
The shared part has now been extracted and will
be used regardless of the deprecation define.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
f000471c66 Add missing MD dependency for pkcs5_pbkdf2_hmac 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
ed98e95c81 Adjust pkcs5 test dependencies 
Hashing via PSA is now supported 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
890e78ae66 Deprecate mbedtls_pkcs5_pbkdf2_hmac 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
dd36c76f09 Provide a version of pkcs5_pbkdf2_hmac without MD usage 
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard
97fc247d6a
Merge pull request #6232 from AndrzejKurek/pkcs12-no-md 
Remove MD dependency from pkcs12 module
 2022-09-02 09:43:13 +02:00
Nick Child
62b2d7e7d4 pkcs7: Support verification of hash with multiple signers 
Make `mbedtls_pkcs7_signed_hash_verify` loop over all signatures in the
PKCS7 structure and return success if any of them verify successfully.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Daniel Axtens
3538479faa pkcs7: support multiple signers 
Rather than only parsing/verifying one SignerInfo in the SignerInfos
field of the PKCS7 stucture, allow the ability to parse and verify more
than one signature. Verification will return success if any of the signatures
produce a match.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
5d881c36ea pkcs7: Change copyright 
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
6427b34dec pkcs7.c: Use pkcs7_get_version for signerInfo 
The function pkcs7_get_version can be used again
when parsing the version of the signerInfo. Both
require that the version be equal to 1. The
pkcs7_get_version function will return error
if the found value is not the expected version
as opposed to mbedtls_asn1_get_int which does not.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
6671841d91 pkcs7.c: Do not ignore return value of mbedlts_md 
CI was failing due to the return value of mbedtls_md being ignored.
If this function does fail, return early and propogate the md error.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
c448c94fe3 pkcs7: pkcs7_get_content_info_type should reset *p on error 
The function `pkcs7_asn1_get_tag` should return an update pointer only
on success. Currently, the pointer is being updated on a failure case.
This commit resets *p to start if the first call to
mbedtls_asn1_get_tag fails.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Daniel Axtens
aa91d4ef0b pkcs7: build under CMake 
The patch updates CMakeLists.txt to include pkcs7.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-09-01 19:45:41 -05:00
Nayna Jain
673a226698 pkcs7: add support for signed data 
OpenSSL provides APIs to generate only the signted data
format PKCS7 i.e. without content type OID. This patch
adds support to parse the data correctly even if formatted
only as signed data

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Nayna Jain
c9deb184b0 mbedtls: add support for pkcs7 
PKCS7 signing format is used by OpenPOWER Key Management, which is
using mbedtls as its crypto library.

This patch adds the limited support of pkcs7 parser and verification
to the mbedtls. The limitations are:

* Only signed data is supported.
* CRLs are not currently handled.
* Single signer is supported.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:33 -05:00
Andrzej Kurek
e16e6edfce Remove the dependency on MD_MAX_SIZE from PKCS12 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-01 08:57:59 -04:00
Andrzej Kurek
7bd12c5d5e Remove MD dependency from pkcs12 module 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-01 08:57:41 -04:00
Tom Cosgrove
f0b2231fcd Update comments at the end of montmul following Gilles' feedback 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:57:34 +01:00
Tom Cosgrove
5eefc3db3f Move macros to come before function declarations 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:16:50 +01:00
Tom Cosgrove
630110ab23 Fix documentation where ciL should be biL 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:15:04 +01:00
Tom Cosgrove
ed43c6caeb In add_if(), B MAY be aliased to A. Also update another comment for consistency. 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:15:04 +01:00
Tom Cosgrove
9354990a54 Don't use multiplication by condition in even a semi-constant time function 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:15:02 +01:00
Jerry Yu
8253486c4f Add session ticket support for server 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Jerry Yu
95699e72f3 Add session ticket identity check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Jerry Yu
661dd943b6 Add dummy server name extension paser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Jerry Yu
e976492a11 Add session ticket tests for client 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Jerry Yu
e6527512d2 Add obfuscated_ticket_age write 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Jerry Yu
49d63f8c36 Implement generate resumption master secret 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Jerry Yu
db8c5faed7 Add getting session ticket for client 
- Move ssl_get_psk_to_offer to `ssl_tls13_client.c`
- Rename to `ssl_tls13_get_psk_to_offer`
- Add session ticket parser

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation 
TLS 1.3: SRV: Finalize external PSK negotiation
 2022-08-31 17:21:57 +02:00
Tuvshinzaya Erdenekhuu
9077dbfd94 Remove NULL pointer validation in poly1305.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:18:14 +01:00
Tuvshinzaya Erdenekhuu
913819e73f Remove NULL pointer validation in chachapoly.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:18:14 +01:00
Tuvshinzaya Erdenekhuu
6a473b2f17 Remove NULL pointer validation in rsa.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:59 +01:00
Tuvshinzaya Erdenekhuu
1c5609df09 Remove NULL pointer validation in dhm.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:59 +01:00
Tuvshinzaya Erdenekhuu
5893ab02b6 Re-introduce ENUM validation in sha512.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu
3446c2603a Remove NULL pointer validation in sha512.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu
696dfb6b1e Re-introduce ENUM validation in sha256.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu
df2f560316 Remove NULL pointer validation in sha256.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu
6b150ad8fa Remove NULL pointer validation in sha1.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu
c6b8a6704e Re-introduce ENUM validation in gcm.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
505ce0b37e Remove NULL pointer validation in gcm.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
80a6af6ab5 Re-introduce ENUM validation in cipher.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
5ce8e52907 Remove NULL pointer validation in cipher.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
ce8908ed0a Remove NULL pointer validation in chacha20.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
1fd7f98546 Re-introduce ENUM validation in camellia.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
6291b131ca Remove NULL pointer validation in camellia.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
a8ef1565bb Re-introduce ENUM validation in aes.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
cac11d7797 Remove NULL pointer validation in aes.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
c388af63e4 Remove extra spacings 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu
dcf9c96274 Remove NULL pointer validation in pkparse.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu
088e936839 Remove NULL pointer validation in pkwrite.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu
78c1d8c299 Re-introduce ENUM validation in pk.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu
26b39c6c6f Remove NULL pointer validation in pk.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:25 +01:00
Neil Armstrong
f19a3cb613 Use the mbedtls_ecjpake_write_shared_key() to input raw shared key material as derivation secret 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
12663092bc Introduce mbedtls_ecjpake_write_shared_key() to export the EC J-PAKE shared key material before the KDF() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
db05cbfb86 Introduce and use mbedtls_ecjpake_to_psa_error() to translate various ECP/MPI errors to expected PSA errors 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
1e855601ca Fix psa_pake_get_implicit_key() state & add corresponding tests in ecjpake_rounds() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
e92311176a Add missing parentheses on return statements 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
5fb07c6a96 No need to check for state in psa_pake_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
a557cb8c8b Fixing XXX_ALG_ECJPAKE to XXX_ALG_JPAKE to match specification 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
fbc4b4aa8e Fix psa_pake_abort() order to correctly free memory when alg is PSA_ALG_JPAKE 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00