In the `mbedtls_ssl_context` structure, merge the field `in_hsfraglen` into
`badmac_seen_or_in_hsfraglen`. This restores the ABI of `libmbedtls` as it
was in Mbed TLS 3.6.0 through 3.6.2.
The field `badmac_seen_or_in_hsfraglen` (formerly `badmac_seen`) was only
used for DTLS (despite being present in non-DTLS builds), and the field
`in_hsfraglen` was only used in non-DTLS TLS. Therefore the two values can
be stored in the same field.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the `mbedtls_ssl_context` structure, change the type of `in_hsfraglen`
from `size_t` to `unsigned`. This is in preparation for merging
`in_hsfraglen` into `badmac_seen_or_in_hsfraglen`, which has the type
`unsigned` and cannot change since we do not want to change the ABI.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Prepare to unify two fields of the `mbedtls_ssl_context` structure:
`badmac_seen` (always present but only used in DTLS) and
`in_hsfraglen` (always present but only used in non-DTLS TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
Detect attempts to do ECDSA with a Montgomery curve in psa_sign_hash_start()
and psa_verify_hash_start(), whereas before start() would succeed and
complete() would fail. This avoids an inconsistency between psa_sign_hash()
and psa_sign_hash_start() that would be annoying to handle in
test_suite_psa_crypto_op_fail.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't list mechanisms that are not implemented in
`include/psa/crypto_config.h`, even commented out. Uncommenting them
wouldn't help anyway: they don't work. Having them listed, even commented
out, causes `find_dependencies_not_implemented()` in `psa_test_case.py` to
consider those mechanisms to be implemented, and thus causes
`generate_psa_tests.py` to generate test cases that cannot be executed.
The affected mechanisms are:
* `PSA_ALG_CBC_MAC` (`PSA_WANT_ALG_CBC_MAC`)
* `PSA_ALG_XTS` (`PSA_WANT_ALG_XTS`)
* `PSA_ECC_FAMILY_SECP_K1` 224-bit (`PSA_WANT_ECC_SECP_K1_224`)
Also remove the affected mechanisms from configuration adjustment files,
since that is code that can never be triggered.
There were already no generated test cases for SECP224K1 because
`PSA_WANT_ECC_SECP_K1_224` was already detected as a dependency that cannot
be implemented, because that is not a valid size: PSA defines SECP224K1 as
225-bit, and `crypto_knowledge.py` follows suite, so `generate_psa_tests.py`
saw `PSA_WANT_ECC_SECP_K1_225` in its enumeration but skipped it because it
was never mentioned in `crypto_config.h`.
This causes generated PSA tests to no longer include positive test cases for
`PSA_ALG_CBC_MAC` and `PSA_ALG_XTS`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In particular, if interruptible ECDSA is supported but not the deterministic
variant, detect this in psa_sign_hash_start(), whereas before start() would
succeed and psa_sign_hash_complete() would fail. This avoids an
inconsistency between psa_sign_hash() and psa_sign_hash_start() that would
be annoying to handle in test_suite_psa_crypto_op_fail.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Uniformly return PSA_ERROR_NOT_SUPPORTED if given an algorithm that includes
a hash, but that hash algorithm is not supported. This will make it easier
to have a uniform treatment of unsupported hashes in automatically generated
tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_ecp_gen_key() generates a private key and calculates the public key.
Calculating the public key takes most of the CPU time. But the PSA key store
doesn't store the key, in order to simplify the plumbing when drivers are
involved. So the time spent calculating the public key is a waste.
Instead, call mbedtls_ecp_gen_privkey(), which does not calculate the public
key.
This also saves 8 instructions in a sample arm thumb build.
Resolves#9732.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Cleanly reject bits == 0 when calling mbedtls_ecdsa_raw_to_der() and
mbedtls_ecdsa_der_to_raw(). This can plausibly happen when bits is
user-provided data that the calling application doesn't check.
Before this patch, there was typically-benign undefined behavior, such as
adding 0 to a null pointer or calling memcpy on a null pointer with a size
of 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.
Signed-off-by: makejian <makejian@xiaomi.com>
Move the default definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
from psa_crypto_core.h to the public header crypto_extra.h in order
to solve documentation build issues.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of checking for "in_use" to be true/false or "key.data"
to be not NULL, simply check that "key.bytes" is 0/not-0.
psa_allocate_buffer_to_slot() will update this value whenever
a new slot is allocated (for the fully static case "allocated"
actually mean "taken").
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
If MBEDTLS_PSA_STATIC_KEY_SLOTS is set then limit PSA_CRYPTO_MAX_STORAGE_SIZE
to MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE, otherwise keep the previous
PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS) size.
This commit also removes changes to test_suite_psa_crypto_persistent_key.data
done previously since MBEDTLS_PSA_STATIC_KEY_SLOTS is always up to date
with key buffer size.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This helps reducing heap memory usage and, if heap memory is
not used anywhere else in an embedded device, it also reduces
code footprint since there is no need for heap management code
in this case.
A new build symbol is added for this purpose, named
MBEDTLS_PSA_STATIC_KEY_SLOTS. It's disabled by default so that
normal usage of Mbed TLS library is not affected.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Needed after b81cd1af6418823a2b5ffbd3710ceac9b0e0afa4 (#9671)
since generate_ssl_debug_helpers.py was moved to the framework
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
This commit fixes potential buffer overrun in:
- pk_write_rsa_der
- pk_write_ec_pubkey
In both functions, when dealing with opaque keys, there was no
check that the provided buffer was large enough to contain the
key being exported. This commit fixes this problem and it also
adds some testing in test_suite_pkwrite to trigger these checks.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
