Commit graph

12628 commits

Author SHA1 Message Date
Gilles Peskine
43643c4714 Remove now-redundant guard
fixup "mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-25 13:21:59 +01:00
Gilles Peskine
9cd2e9ad1b mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C
Ideally this and other pk functions would work with
MBEDTLS_PSA_CRYPTO_CLIENT (i.e. whether PSA API functions are implemented
locally or via client-server communication). However, at the moment, some
helper functions are missing when MBEDTLS_PSA_CRYPTO_C is disabled, at least
mbedtls_ecc_group_to_psa(). For the time being, don't provide
mbedtls_pk_get_psa_attributes() when MBEDTLS_PSA_CRYPTO_C is disabled. We
can improve later, looking generally at a group of functions to generalize,
not mixed with delivering new APIs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-24 22:10:50 +01:00
Gilles Peskine
55effd9456 Fix the build with MBEDTLS_RSA_ALT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
c09df2f24c Unify want_private detection
This commit makes the code arguably slightly simpler and fixes the build
with clang -Wimplicit-fallthrough. No intended semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
f3dbc98d96 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_USE_PSA_EC_DATA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
7354f1e178 Allow building with MBEDTLS_PK_USE_PSA_EC_DATA && MBEDTLS_ECP_C
This isn't officially supported, but it's convenient to build the library
this way for quick testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
758d8c7631 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_OPAQUE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
ace7c7721e mbedtls_pk_get_psa_attributes: ECC support
Add code and unit tests for MBEDTLS_PK_ECxxx in
mbedtls_pk_get_psa_attributes().

This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit
will handle driver-only ECC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
6ea18361df mbedtls_pk_get_psa_attributes: RSA support
Add code and unit tests for MBEDTLS_PK_RSA in mbedtls_pk_get_psa_attributes().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
1f97e73114 mbedtls_pk_get_psa_attributes: force enrollment algorithm off
This avoids a possible gotcha when if the application code reuses an
existing attribute structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
0b17255da1 Introduce mbedtls_pk_get_psa_attributes
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381, i.e.
dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context)

This commit introduces the function declaration, its documentation, the
definition without the interesting parts and a negative unit test function.
Subsequent commits will add RSA, ECC and PK_OPAQUE support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713 Add minor cosmetic changes to record size limit changelog and comments
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:52:45 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development
Fix bug in mbedtls_x509_set_extension
2024-01-10 16:57:16 +00:00
Waleed Elmelegy
3ff472441a Fix warning in ssl_tls13_generic.c
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2 Improve comments across record size limit changes
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
fbe42743eb Fix issue in checking in writing extensions
Fix issue in checking if server received
record size limit extension.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
e1ac98d888 remove mbedtls_ssl_is_record_size_limit_valid function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
d2fc90e024 Stop sending record size limit extension if it's not sent from client
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457 Change record size limit writing function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
47d2946943 tls13: server: write Record Size Limit ext in EncryptedExtensions
- add the support in library
- update corresponding test cases.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
42017cd4c9 tls13: cli: write Record Size Limit ext in ClientHello
- add the support in library
- update corresponding test case

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
faf70bdf9d ssl_tls13_generic: check value of RecordSizeLimit in helper function
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
a8b4291836 tls13: add generic function to write Record Size Limit ext
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Jonathan Winzig
5caf20ea80
Update fix to be more platform-independent
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 16:41:10 +01:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Jonathan Winzig
05c722bfd0 Fix Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 15:20:03 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598
[G5] Make block_cipher work with PSA
2024-01-08 08:07:53 +00:00
Waleed-Ziad Maamoun-Elmelegy
e2d3db5cfc
Update mbedtls_ssl_get_output_record_size_limit signature
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>
2024-01-05 14:19:16 +00:00
Dave Rodgman
a021d63bf7
Merge pull request #8642 from daverodgman/default-compiler-all
CI perf: Use clang by default in all.sh
2024-01-04 12:58:54 +00:00
Manuel Pégourié-Gonnard
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358
G3-G4 wrap-up
2024-01-04 10:48:00 +00:00
Valerio Setti
c1c6858bfc cipher_wrap: fix guards for some CCM/GCM functions
Legacy CCM and GCM can work even when AES_C is not defined thanks
to the block_cipher module, so we can relax guards in
cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 17:20:58 +01:00
Dave Rodgman
84125a167e Merge remote-tracking branch 'origin/development' into default-compiler-all
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-02 11:42:38 +00:00
Valerio Setti
e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 16:35:58 +01:00
Waleed Elmelegy
6a971fd61a Refactor and improve Record size limit handling
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-28 17:48:16 +00:00
Valerio Setti
1fff4f2012 psa: add key_type as input parameter of psa_can_do_cipher()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:17 +01:00
Valerio Setti
1994e72e18 check_config/block_cipher: minor improvements
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:04 +01:00
Valerio Setti
a69e872001 pkcs[5/12]: add CIPHER_C for [en/de]crypting functions
This commit also updates corresponding test suites.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-21 16:39:04 +01:00
Dave Rodgman
3bc249959c
Merge branch 'development' into default-compiler-all
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-21 14:35:14 +00:00
Tom Cosgrove
c6088eceb4
Merge pull request #8384 from paul-elliott-arm/remove_ssl_null_tls12
Remove NULLing of ssl context in TLS1.2 transform population
2023-12-21 13:28:09 +00:00
Gilles Peskine
4bf4473ef0
Merge pull request #8633 from Wenxing-hou/clear_clienthello_comment
Make clienthello comment clear
2023-12-21 12:09:23 +00:00
Gilles Peskine
0e6fdc4f1d
Merge pull request #8342 from yanesca/threading_test_pc
Threading test proof of concept and plan
2023-12-21 12:08:41 +00:00
Waleed Elmelegy
65e3046e18 Fix code style in ssl_tls.c
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:55:10 +00:00
Waleed Elmelegy
049cd302ed Refactor record size limit extension handling
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:28:31 +00:00
Tomi Fontanilles
851d8df58d fix/work around dependency issues when !MBEDTLS_ECP_C
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2023-12-20 13:09:27 +02:00
Tomi Fontanilles
9f41770313 pk_*: remove remaining references to MBEDTLS_PSA_CRYPTO_C
For real this time.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 13:05:55 +02:00
Tomi Fontanilles
bad170e159 pk: remove last references to MBEDTLS_PSA_CRYPTO_C
They are replaced by MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00