mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 15:32:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
19,481 Commits 170 Branches 263 Tags
Commit Graph

8585 Commits

Author SHA1 Message Date
Gilles Peskine
695c4cb7ea If a cipher algorithm is not supported, fail during setup 
In some cases, a cipher operation for an unsupported algorithm could succeed
in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually
fed. This is not a major bug, but it has several minor downsides: fail-late
is harder to diagnose for users than fail-early; some code size can be
gained; tests that expect failure for not-supported parameters would have to
be accommodated to also accept success.

This commit at least partially addresses the issue. The only completeness
goal in this commit is to pass our full CI, which discovered that disabling
only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping
the relevant key type) allowed cipher setup to succeed, which caused
failures in test_suite_psa_crypto_op_fail.generated in
component_test_psa_crypto_config_accel_xxx.

Changes in this commit:
* mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher
  algorithms. (No change related to key types.)
* Some code that is only relevant for ECB is no longer built if
  PSA_WANT_ALG_ECB_NO_PADDING is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:03:39 +02:00
Gilles Peskine
0c3a071300 Make psa_key_derivation_setup return early if the key agreement is not supported 
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:00:01 +02:00
Gilles Peskine
0cc417d34b Make psa_key_derivation_setup return early if the hash is not supported 
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 14:58:39 +02:00
Gilles Peskine
9efde4f2ec Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 14:57:20 +02:00
Przemek Stekiel
8583627ece psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-05 10:50:53 +02:00
Neil Armstrong
1039ba5c98 Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:33:01 +02:00
Neil Armstrong
ede381c808 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:33:01 +02:00
Neil Armstrong
3cae167e6a Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
e18ff952a7 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
b7ca76b652 Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
fdf20cb513 Fix command indentation in ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
2d63da9269 Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
d6e2759afb Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
fb0a81ece9 Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
5a1455d8d5 Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
3bcef08335 Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
549a3e4737 Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
fc834f2e2c Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong
0bdb68a242 Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong
d8420cad31 Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong
c530aa6b4e Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong
b9f319aec1 Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:51 +02:00
Neil Armstrong
2540045542 Update comments in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong
bc5e8f9dd0 Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong
039db29c7d Implement PSA server-side ECDHE-PSK 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong
868af821c9 Implement PSA client-side ECDHE-PSK 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:06 +02:00
Przemek Stekiel
a9f9335ee9 ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check 
This check can be removed as if the buffer is too small for the key, then export will fail.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-04 17:32:30 +02:00
Neil Armstrong
e88d190f2e Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-04 11:27:57 +02:00
Neil Armstrong
f716a700a1 Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard
de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification 
PK: RSA verification
 2022-04-04 11:23:33 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 
TLS 1.2/1.3 version negotiation - 2
 2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors 
Accessors to own CID within mbedtls_ssl_context
 2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations 
HKDF 2: use internal implementations in TLS 1.3
 2022-04-01 11:15:29 +02:00
Manuel Pégourié-Gonnard
451114fe42
Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo 
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
 2022-04-01 10:04:56 +02:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-31 19:21:41 +01:00
Ronald Cron
11218dda96 ssl_client.c: Fix unused parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Ronald Cron
bdb4f58cea Add and update documentation of some minor version fields 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:24:59 +02:00
Ronald Cron
82c785fac3 Make handshake::min_minor_ver client only 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 15:44:41 +02:00
Neil Armstrong
91477a7964 Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:18 +02:00
Neil Armstrong
1335222f13 Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:18 +02:00
Neil Armstrong
f788253ed3 Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong
80325d00cf Allow ECDSA PK Opaque keys for ECDH Derivation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong
104a7c1d29 Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong
8113d25d1e Add ecdh_psa_shared_key flag to protect PSA privkey if imported 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong
5cd5f76d67 Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong
4f33fbc7e9 Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong
306d6074b3 Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong
062de7dd79 Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong
1f4b39621b Implement PSA server-side ECDH-RSA/ECDSA 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Ronald Cron
6476726ce4 Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 14:13:57 +02:00