Commit graph

19630 commits

Author SHA1 Message Date
XiaokangQian
f8ceb94fe7 Fix the parse_sig_alg_ext fail issue
Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
8f9dfe41c0 Fix comments about coding styles and test cases
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8 Fix comments and remove hrr related code
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023 Update based on comments
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
4080a7f687 Change code style and some share functions
Change variables and functions name style
Refine supported_version
Refine client hello parse

Change-Id: Iabc1db51e791588f999c60db464326e2bdf7b2c4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
9b5d04b078 Share parse_key_share() between client and server
Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38 Rebase and solve conflicts and issues
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
8840888fbc Fix some CI issues
Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
c5763b5efd Change some code style
Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
3207a32b1e Fix unused parameter issue and not defined cookie issue
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
7ac3ab3404 Add hello retry request count for server
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
a9c58419f2 Fix compile and test issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
5e4528cd12 Add test cases for server side parse client hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
7807f9f5c9 Add client hello into server side
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Ronald Cron
fd8cbda3ec Remove ECDH code specific to TLS 1.3
ECDH operations in TLS 1.3 are now done through PSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
9d0a3e8296 generate_tls13_compat_tests.py: Fix/Unify parameter ordering
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
df5f8681cc ssl-opt.sh: Fix/Unify TLS 1.3 test descriptions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
fd6193c285 ssl_tls13_client: Add downgrade attack protection
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
217d699d85 Fix Doxygen marks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:28:51 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
f4d70b2944
Merge pull request #5608 from AndrzejKurek/raw-key-agreement-fail
Add a test for a raw key agreement failure
2022-04-19 14:00:48 +02:00
Manuel Pégourié-Gonnard
46435f05e1
Merge pull request #5706 from hanno-arm/bn_mul_cleanup
Simplify structure of bignum inline assembly
2022-04-19 11:30:05 +02:00
Hanno Becker
606cb1626f Add comment explaining structure of UMAAL assembly
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:59:33 +01:00
Hanno Becker
d46d96cc3f Add 2-fold unrolled assembly for umaal based multiplication
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:19:55 +01:00
Hanno Becker
63eb28c728 Use separate counters for 8-fold and single multiplication steps
Compilers are likely to generate shorter assembly for loops of the
form `while( cnt-- ) { ... }` rather than
`for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs
a subtract+compare+branch after each loop, while the former only
needs decrement+branch).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:16:03 +01:00
Hanno Becker
eacf3b9eb4 Simplify organization of inline assembly for bignum
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:16:03 +01:00
Gilles Peskine
5bd0b51048 Use terse output from lsof
This both simplifies parsing a little, and suppresses warnings. Suppressing
warnings is both good and bad: on the one hand it resolves problems such as
https://github.com/Mbed-TLS/mbedtls/issues/5731, on the other hand it may
hide clues as to why lsof wouldn't be working as expected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:34:23 +02:00
Gilles Peskine
a841c2a20f test_cmake_out_of_source: run an ssl-opt test case that exists
component_test_cmake_out_of_source was running the ssl-opt.sh test case
"Fallback SCSV: beginning of list", but this test case was removed in Mbed
TLS 3.0, so ssl-opt.sh was running nothing, which is not an effective test.
In 2.x, the test case was chosen because it uses an additional auxiliary
program tests/scripts/tcp_client.pl. This auxiliary program is no longer
used. So instead, run at least one test case that's sure to exist.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:31:25 +02:00
Gilles Peskine
7393ec5ccf test_cmake_out_of_source: validate that ssl-opt passed
If the ssl-opt test case was skipped, the test was ineffective.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:30:24 +02:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard
63ed7cbf36
Merge pull request #5701 from hanno-arm/mpi_mul_hlp
Make size of output in mpi_mul_hlp() explicit
2022-04-15 10:09:06 +02:00
Glenn Strauss
8315811ea7 Remove restrictive proto ver negotiation checks
Overly restrictive protocol version negotiation checks might be
"version intolerant".  TLS 1.3 and DTLS 1.3 move the version to
the "supported_versions" ClientHello extension.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
bbdc83b55b Use mbedtls_ssl_protocol_version in public structs
Use mbedtls_ssl_protocol_version in public structs, even when doing
so results in a binary-incompatible change to the public structure

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
59b0d54ba0 Convert tests to use mbedtls_ssl_conf_(min|max)_tls_version()
Replace use of mbedtls_ssl_conf_(min/max)_version()

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
d09b343ffc Deprecate mbedtls_ssl_conf_(min/max)_version()
Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()

Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
39e624ca76 Convert tests to use MBEDTLS_SSL_VERSION_TLS1_*
(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
cd78df6aa4 handshake->min_minor_ver to ->min_tls_version
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
041a37635b Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks
mbedtls no longer supports earlier TLS protocol versions

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Glenn Strauss
07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:54 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Anton Komlev
ca947a4afa Fix Windows build host detection
Signed-off-by: Anton Komlev <anton.komlev@arm.com>
2022-04-14 15:22:11 +01:00
Andrzej Kurek
83e60eef4d tests: fix bitflip comment
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-14 08:51:41 -04:00
Gilles Peskine
473d585abf
Merge pull request #5006 from JoeSubbiani/CleanCompat.sh2_dev
clean up compat.sh
2022-04-14 14:04:33 +02:00
Hanno Becker
3577131bb4 Reintroduce trimming of input in mbedtls_mpi_mul_int()
Removing the trimming has significant memory impact. While it is clearly what
we want to do eventually for constant-time'ness, it should be fixed alongside
a strategy to contain the ramifications on memory usage.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-14 11:52:11 +01:00
Gilles Peskine
e2c342b9bf Don't test with all-but-one elliptic curves
`curves.pl` (invoked by `all.sh test_depends_curves`, and
`all.sh test_depends_curves_psa`) currently runs two series of tests:
* For each curve, test with only that curve enabled.
* For each curve, test with all curves but that one.

Originally this script was introduced to validate test dependencies, and for
that all-but-one gives better results because it handles test cases that
require multiple curves. Then we extended the script to also test with a
single curve, which matches many real-world setups and catches some product
bugs. Single-curve testing also validates test dependencies in a more
limited way.

Remove all-but-one curve testing, because it doesn't add much to the test
coverage. Mainly, this means that we now won't detect if a test case
declares two curve dependencies but actually also depends on a third. This
is an acceptable loss.

The trigger for removing all-but-one curve testing is that this will make
the job take only about half as long, and the length of the job was a bit of
a problem. Resolves #5729.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 12:00:17 +02:00
Manuel Pégourié-Gonnard
636b5f10da Add comment in compat.sh about callers
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:21:56 +02:00