ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-22 17:25:38 +08:00
Code Issues Releases Wiki Activity
29,227 Commits 173 Branches 272 Tags
Commit Graph

12742 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
f057ecfedf Use MD not low-level sha256/512 in TLS 
Same reasoning as in previous commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-24 13:30:55 +01:00
Manuel Pégourié-Gonnard
2cd751465c Use MD, not low-level SHA1, in X.509 
X.509 already depends on MD_C || USE_PSA_CRYPTO, and this is for the
!USE_PSA_CRYPTO branch, so we're free to use MD.

This change supports our ability to use MBEDTLS_MD_CAN_xxx macros
everywhere in the future, once they have been introduced.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-24 12:37:07 +01:00
Manuel Pégourié-Gonnard
0ac71c0d92 Make debug statement more portable 
There's little reason for accessing the hash implementation's internal
state, its output contains most of the same information.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-24 12:13:55 +01:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty 
Pacify Clang 15 about empty \retval
 2023-02-24 09:10:53 +00:00
Przemek Stekiel
d93de32267 Move to computation stage only on successfull setup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-24 08:39:49 +01:00
Jerry Yu
ba1e78f1c2 fix code style and comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-24 11:18:16 +08:00
Manuel Pégourié-Gonnard
1e57abd3ec Group MD_LIGHT and MD_C parts of md.c 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-23 20:45:26 +01:00
Przemek Stekiel
083745e097 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-23 17:28:23 +01:00
David Horstmann
ce16474d91 Correct INT_MAX overflow check to UINT_MAX 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-23 13:50:48 +00:00
Manuel Pégourié-Gonnard
0d4152186d Make MBEDTLS_MD_LIGHT private for now. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-23 13:02:13 +01:00
Ronald Cron
1aa6e8d6e9 Restore same PSK length enforcement 
Restore same PSK length enforcement in
conf_psk and set_hs_psk, whether the
negotiated protocol is TLS 1.2 or TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-23 09:48:50 +01:00
Manuel Pégourié-Gonnard
f78a10052c
Merge pull request #7047 from mpg/tls-hash-errors 
Handle errors from hash functions in TLS code
 2023-02-23 08:49:55 +01:00
Valerio Setti
1ad9ef2132 ssl: use new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 08:15:09 +01:00
Jerry Yu
029e659bbb Return seconds when clock_gettime error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-23 11:25:36 +08:00
Jerry Yu
947bf969e0 Improve readability of expansion size 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-23 11:07:57 +08:00
Jerry Yu
fac5a54f8a fix code style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-23 10:13:40 +08:00
David Horstmann
376e8df9d6 Clarify structure of parsing with comments: 
1. Parse through to get the required buffer length.
2. Having allocated a buffer, parse into the buffer.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
89d67bd472 Remove superfluous sizeof(unsigned char) 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
7cdfda12da Fixup: Correct signedness of val local variable 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
0f4ee418d8 Use return for errors only in oid_parse_number() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
59400ffed5 Improve header docs and rename parameter 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
03329970de Correct error in processing of second component 
Root nodes 0 and 1 may have up to 40 children (0 - 39), not 39 children
(0 - 38) as previously thought.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
18ec9d7da1 Change some error codes to be more accurate 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
92337c0e62 Add function to parse an OID from a string 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 16:34:26 +00:00
Paul Elliott
59200a22aa Improve psa_wipe_output_buffer 
Change name and document to ensure suitability only for "tags" is explicit. Add
support for output size of zero in PSA_SUCCESS case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-22 14:15:31 +00:00
Janos Follath
406b9172ad
Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup 
Bignum: Add named moduli setup
 2023-02-22 12:14:33 +00:00
Przemek Stekiel
5eff1033b6 Remove redundant checks for jpake alg 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
ce131bf5c5 PAKE driver: fix password releasing 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
80a8849903 Adapt conditional compilation flags for jpake alg 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
a54dc69fe0 mbedtls_psa_pake_setup: move driver password and alg init to the common part 
Also in the core part change stage to computation after return from psa_driver_wrapper_pake_setup() regardless of the result. At this point driver context is active even if init has failed.

Additionally handle deallocation of password on failure in mbedtls_psa_pake_setup(). The plan was to handle deallocation on core level by calling abort on failure.
Unfortunately in this case when mbedtls_psa_pake_setup() fails with an unsupported result the built-in implementation is executed (if available) and it will reallocate the password leading to the memory leak.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
6b64862ef7 Documentation fixes and code adaptation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
251e86ae3f Adapt names to more suitable and fix conditional compilation flags 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
6d77830c6a Remove redundant code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
dff21d3429 Move jpake role check to psa_pake_complete_inputs() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
4fcc61eec0 Optimize psa_pake_ecjpake_setup() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
849c35f8b4 Remove pake abort on failure from driver (handled by core) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
e1d51bf3c9 Optimieze psa_pake_complete_inputs() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
3e784d8981 PSA crypto pake: call abort on each failure 
Adapt driver hook counters in pake driver test.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
d69dca9fc4 Rework psa_pake_abort 
- Fix potential issue with freeing password
- Clean operation object even if psa_driver_wrapper_pake_abort fails
- Remove redundant code

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
f62b3bb087 Optimization of pake core functions 
Adapt pake test (passing NULL buffers is not allowed).
Passing the null buffer to psa_pake_output results in a hard fault.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
9dd2440c95 Change pake input: key_lifetime -> key attributes 
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
d5d28a217f Use operation alg for locking key slot 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
1c3cfb4fb0 Introduce PSA_PAKE_OPERATION_STAGE_SETUP to optimize out alg checks 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
ff01bc496c Remove j-pake specific checks from psa_pake_setup 
mbedtls_psa_pake_setup has already check for PSA_PAKE_PRIMITIVE_TYPE_ECC primitive.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
dde6a910bb Optimize out psa_pake_computation_stage_t 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
5cbca790f7 Make usage of pake input getters 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
18620a3b1c Make copy of inputs on stack before passing to psa_driver_wrapper_pake_setup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
ca8d2b2589 Add get-data functions for inputs + tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
7b730175b3 Simplify psa_pake_computation_stage_s structure 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
b09c487546 Combine core pake computation stage(step,sequence,state) into single driver step 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00