yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
17253 commits 1 branch 0 tags 94 MiB
Commit graph

4842 commits

Author SHA1 Message Date
Mateusz Starzyk
e35f8f6a77 Move MBEDTLS_CHECK_RETURN to platform_util. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-09-27 19:15:56 +02:00
Gilles Peskine
7820a574f1 Catch failures of AES or DES operations 
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-09-27 16:22:08 +02:00
Gilles Peskine
4b627af36c New macro MBEDTLS_CHECK_RETURN 
Put this macro before a function declaration to indicate that its result
must be checked. This commit supports GCC-like compilers and MSVC >=2012.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-09-27 16:22:08 +02:00
Gilles Peskine
b19be6b5f3
Merge pull request #1638 from dgreen-arm/check-names-rewrite 
Rewrite check-names.sh in python
 2021-09-27 12:28:53 +02:00
Gilles Peskine
bd4960c8c8
Merge pull request #4961 from mpg/doc-use-psa-crypto 
Document effects of  `MBEDTLS_USE_PSA_CRYPTO`
 2021-09-24 20:42:30 +02:00
Yuto Takano
c3a6f63c99 Merge updates from upstream development branch into check-names-rewrite 
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
 2021-09-24 18:02:56 +01:00
Ronald Cron
f2cb19f921
Merge pull request #4891 from yuhaoth/pr/enable-key-exchange-in-client-hello 
TLS1.3: Client Hello : Add  extensions and test case.
 2021-09-23 18:45:01 +02:00
Gilles Peskine
f0f2294f57
Merge pull request #4708 from mstarzyk-mobica/ccm_chunked 
Ccm chunked - enable multipart CCM in PSA
 2021-09-21 13:46:52 +02:00
Manuel Pégourié-Gonnard
200bcf77f8 Remove warning about PSA Crypto being beta 
The API reached 1.0.0 some time ago, and we've caught up with the
incompatible changes already.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-21 12:59:26 +02:00
Manuel Pégourié-Gonnard
13b0bebf7d Add docs/use-psa-crypto.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-09-21 12:59:25 +02:00
Jerry Yu
e226cef124 Add NamedGroup IANA values and helper functions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-08 09:52:15 +08:00
Jerry Yu
1bc2c1f1a3 fix various issues 
fix comments, format and name conversion issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-03 16:29:20 +08:00
Jerry Yu
a2cf7bd243 fix comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-03 16:29:20 +08:00
Jerry Yu
995ecd396f fix wrong iana values and comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-03 16:29:20 +08:00
Jerry Yu
b3317e1a01 Add extension types in rfc8446 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-03 16:29:19 +08:00
Jerry Yu
7984d9931e Add tls1.3 extension IANA values 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-03 16:29:19 +08:00
Jerry Yu
a13c7e739c add dummy client hello process 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-03 16:29:19 +08:00
Mateusz Starzyk
7251eda6ff Replace BAD_SEQUENCE error with BAD_INPUT 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-09-01 13:26:44 +02:00
Mateusz Starzyk
e40ae6bbed Fix typo 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-09-01 12:47:49 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api 
Add TLS 1.3 ciphersuite and key exchange identifiers and API
 2021-08-30 09:47:46 +02:00
Jerry Yu
cadebe5343 fix several format and comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-25 18:13:42 +08:00
Mateusz Starzyk
cbefb6ba4d Merge branch 'development' into ccm_chunked 
Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
 2021-08-24 15:14:23 +02:00
Andrey Starodubtsev
90cc33aad6 Misprint was fixed 
Signed-off-by: Andrey Starodubtsev <andrey.starodubtsev@gmail.com>
 2021-08-23 12:20:41 +03:00
Manuel Pégourié-Gonnard
01a78599b0
Merge pull request #4864 from hanno-arm/upstream_sig_alg_identifers 
TLS 1.3 MVP: Upstream TLS 1.3 SignatureAlgorithm identifiers and configuration API
 2021-08-19 09:12:59 +02:00
Jerry Yu
447a3bee17 fix wrong typo and format issues 
Change-Id: I99a4c7d28c26bfcc43bc8947485d1dfafb6974dc
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-18 09:55:36 +08:00
Manuel Pégourié-Gonnard
684543a3a8
Merge pull request #4807 from hanno-arm/bio_recv_ret_0_eof 
Document that returning 0 from the recv callback means EOF
 2021-08-17 10:30:46 +02:00
Jerry Yu
7899de839c fix comments and format issues 
Change-Id: I927d97f9d788389d6abb9edbda0f7c3e2f8e9b63
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-17 13:26:59 +08:00
Manuel Pégourié-Gonnard
93a3ca6caf
Merge pull request #4413 from gilles-peskine-arm/tls_ext_cid-config 
Allow configuring MBEDTLS_TLS_EXT_CID at compile time
 2021-08-13 10:49:50 +02:00
Gilles Peskine
7dd2f504b3 Allow configuring MBEDTLS_TLS_EXT_CID at compile time 
The numerical identifier of the CID extension hasn't been settled yet
and different implementations use values from different drafts. Allow
configuring the value at compile time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-08-12 10:31:01 +02:00
Hanno Becker
5d045a8b89 Stick to 'ephemeral' instead of ECDHE for TLS 1.3 key exchanges 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:31:14 +01:00
Hanno Becker
674f9480cf Fix typo: algorithmc -> algorithms 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:31:14 +01:00
Hanno Becker
d4fa9bc710 Remove outdated mentioning of version-specific ciphersuite config 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:31:14 +01:00
Hanno Becker
a2535931ac Add Doxygen documentation for TLS 1.3 key exchange macros 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:31:14 +01:00
Hanno Becker
71f1ed66c2 Add identifiers and API for configuration of TLS 1.3 key exchanges 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:28:45 +01:00
Hanno Becker
e486b2d7bb Document use of mbedtls_ssl_conf_ciphersuites() for TLS 1.3 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:28:45 +01:00
Hanno Becker
8ca26923eb Add TLS 1.3 ciphersuites 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:28:45 +01:00
Hanno Becker
e043d15d75 Turn comments of 1.3 record transforms into Doxygen documentation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:22:52 +01:00
Hanno Becker
1cd6e0021f Add experimental API for configuration of TLS 1.3 sig algs 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-10 13:55:43 +01:00
Hanno Becker
551265f879 Add TLS 1.3 IANA signature-algorithm values 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-10 13:03:48 +01:00
Mateusz Starzyk
a42f9537b5 Improve documentation for CCM's processed variable. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 14:00:14 +02:00
Mateusz Starzyk
4f2dd8aada Fix errors returned by CCM functions. 
Add new error code for calling functions in wrong order.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 14:00:14 +02:00
Mateusz Starzyk
f337850738 Use const size buffer for local output in CCM decryption. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:59:36 +02:00
Mateusz Starzyk
22f7a35ca4 Do not use output buffer for internal XOR during decryption. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:58:39 +02:00
Mateusz Starzyk
4df9ac4882 Reorganize ccm context structure. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
663055f784 Remove UPDATE_CBC macro and working b buffer. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
eb2ca96d69 Store set lenghts in ccm context. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
793692cbcb Split ccm_auth function. 
Move logic to ccm_starts, ccm_set_lengths, ccm_update_ad,
ccm_update and ccm_finish
Use separate variable to track context state.
Encode first block only if both mbedtls_ccm_starts() and
mbedtls_ccm_set_lengths() were called.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
89d469cdb4 Move working variables to ccm context structure 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Yuto Takano
7828ca2ea4 Fix typos pointed out by check_names 
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
 2021-08-10 11:26:15 +01:00
Hanno Becker
3aa186f946 Add transforms to be used for TLS 1.3 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-10 09:24:19 +01:00