ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-20 23:46:44 +08:00
Code Issues Releases Wiki Activity
22,161 Commits 172 Branches 268 Tags
Commit Graph

9776 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
01a78599b0
Merge pull request #4864 from hanno-arm/upstream_sig_alg_identifers 
TLS 1.3 MVP: Upstream TLS 1.3 SignatureAlgorithm identifiers and configuration API
 2021-08-19 09:12:59 +02:00
Jerry Yu
7899de839c fix comments and format issues 
Change-Id: I927d97f9d788389d6abb9edbda0f7c3e2f8e9b63
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-17 13:26:59 +08:00
Jerry Yu
f7fce9200c Remove rsa_pss_rsae_sha256 from preset_sig_algs. 
To keep consistent with ssl_{clien2t,server2}.

Change-Id: I08dbe47a3d9b778ba3acad283f608fef4e63c626
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-17 13:26:53 +08:00
Archana
0dc86b5a2a
Remove dependency of builtin keys on storage 
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-08-17 02:46:00 +05:30
Paul Elliott
66696b5591 Improve nonce length checks 
Add the missing nonce length checks (this function is being used by
oneshot functions as well as multipart, and thus all cipher suites are
being used) and cover the case where a NULL buffer gets passed in.
Extended the set nonce test to cover this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-08-16 18:44:50 +01:00
Paul Elliott
814fffbd72 Remove overly strict final checks 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-08-16 18:44:42 +01:00
Manuel Pégourié-Gonnard
5e344563e4
Merge pull request #4858 from hanno-arm/upstream_tls13_transforms 
Upstream TLS 1.3 record transformations structure fields
 2021-08-12 12:29:54 +02:00
Manuel Pégourié-Gonnard
2fb897ecf9
Merge pull request #4852 from hanno-arm/unify_cli_srv_hs_step 
Share preparatory code between client and server handshake steps
 2021-08-12 12:24:51 +02:00
Manuel Pégourié-Gonnard
b7745d2323
Merge pull request #4834 from hanno-arm/msg_layer_reset_helper 
Move messaging related session reset into separate helper function
 2021-08-12 12:20:33 +02:00
Manuel Pégourié-Gonnard
409c8f6e1b
Merge pull request #4851 from hanno-arm/hs_msg_without_checksum 
Add handshake message writing variant that doesn't update checksum
 2021-08-12 11:54:10 +02:00
Hanno Becker
30319f1f88 Remove misplaced comment in TLS 1.3 ciphersuite definitions 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:31:14 +01:00
Hanno Becker
71f1ed66c2 Add identifiers and API for configuration of TLS 1.3 key exchanges 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:28:45 +01:00
Hanno Becker
e2defad0bb Fix indentation of pre-existing code-block in ssl_tls.c 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:28:45 +01:00
Hanno Becker
8ca26923eb Add TLS 1.3 ciphersuites 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:28:45 +01:00
Hanno Becker
e043d15d75 Turn comments of 1.3 record transforms into Doxygen documentation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:22:52 +01:00
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform 
Fix and test compliance of TLS 1.3 record protection
 2021-08-11 16:41:51 +01:00
gabor-mezei-arm
d112534585 Add a new file for constant-time functions 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-08-11 15:35:28 +02:00
Hanno Becker
deb68ce2d1 Fix guard around TLS 1.3 SigAlg configuration 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-10 16:04:05 +01:00
Hanno Becker
9c6aa7bb9a Add default values for TLS 1.3 SigAlg configuration 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-10 13:55:49 +01:00
Hanno Becker
1cd6e0021f Add experimental API for configuration of TLS 1.3 sig algs 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-10 13:55:43 +01:00
Mateusz Starzyk
2f1754916c Improve comment on local_output. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 14:00:14 +02:00
Mateusz Starzyk
b73c3ec1bc Restore MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED as default ret. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 14:00:14 +02:00
Mateusz Starzyk
62d22f9782 Use additional state in CCM to track auth data input. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 14:00:14 +02:00
Mateusz Starzyk
4f2dd8aada Fix errors returned by CCM functions. 
Add new error code for calling functions in wrong order.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 14:00:14 +02:00
Mateusz Starzyk
f337850738 Use const size buffer for local output in CCM decryption. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:59:36 +02:00
Mateusz Starzyk
c562788068 Fix local buffer allocation conditions. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:58:39 +02:00
Mateusz Starzyk
c8bdf36a72 Validate tag pointer in ccm function. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:58:39 +02:00
Mateusz Starzyk
1bda9451ef Factor out common code from ccm decrypt functions. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:58:39 +02:00
Mateusz Starzyk
eb395c00c9 Move 'Authenticated decryption' comment. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:58:39 +02:00
Mateusz Starzyk
22f7a35ca4 Do not use output buffer for internal XOR during decryption. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:58:39 +02:00
Mateusz Starzyk
36d3b89c84 Verify input data lengths. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
2d5652acee Move ccm error state handling. 
Remove error clearing from ccm_starts() and ccm_set_lengths().
Add error check in ccm_update_ad(), ccm_update() and ccm_finish().

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
5d97601e81 Remove ccm input validation. 
VALIDATE and VALIDATE_RET macros are obsolete.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
ca9dc8d1d7 Rename ccm_calculate_first_block function. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
c52220d775 Clear temporary buffer after block crypt operation. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
a9cbdfbb34 Replace ccm status flags with bitshifts. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
663055f784 Remove UPDATE_CBC macro and working b buffer. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
20bac2fbe4 Fix chunked ccm update. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
05e92d67bb Fix crypt mode configuration. Validate parameters in chunked input functions. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
6a15bcf61b Add support for chunked plaintext/cyphertext input. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
2ad7d8e1ff Replace CCM_CRYPT macro with a more versatile static function. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
33392450b7 Add chunked auth data support 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
eb2ca96d69 Store set lenghts in ccm context. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
88c4d624f8 Clear context state if previous operation failed. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
793692cbcb Split ccm_auth function. 
Move logic to ccm_starts, ccm_set_lengths, ccm_update_ad,
ccm_update and ccm_finish
Use separate variable to track context state.
Encode first block only if both mbedtls_ccm_starts() and
mbedtls_ccm_set_lengths() were called.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Mateusz Starzyk
89d469cdb4 Move working variables to ccm context structure 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-10 13:56:37 +02:00
Hanno Becker
3aa186f946 Add transforms to be used for TLS 1.3 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-10 09:24:19 +01:00
Jerry Yu
b9930e7d70 Add dummy tls1.3 handshake dispatch functions 
Base on version config, `handshack_{clinet,server}_step`
will call different step function. TLS1.3 features will
be gradully added base on it.

And a new test cases is added to make sure it reports
`feature is not available`.

Change-Id: I4f0e36cb610f5aa59f97910fb8204bfbf2825949
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-10 13:34:32 +08:00
Jerry Yu
3cc4c2a506 Add dummy ssl_tls13_{client,server}.c 
Change-Id: Ic1cd1d55b097f5a31c9f48e9d55733d75ab49982
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-10 13:34:32 +08:00
Jerry Yu
60835a88c3 Add config check utils functions 
Check configuration parameter in structure setup
function to make sure the config data is available
and valid.

Current implementation checks the version config.
Available version configs are
- tls1_3 only
- tls1_2 only

issues: #4844

Change-Id: Ia762bd3d817440ae130b45f19b80a2868afae924
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-10 13:34:32 +08:00