Commit Graph

157 Commits

Author SHA1 Message Date
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac
Check HMAC return values
2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c Catch failures of md_hmac operations
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:00:57 +01:00
Gilles Peskine
d5ba50e239 Zeroize local MAC variables
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 14:59:45 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Ronald Cron
7e38cba993 Add incoming ChangeCipherSpec filtering in TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Jerry Yu
a1a568c2f6 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-09 10:17:21 +08:00
Jerry Yu
1ca80f7ca5 fix comment issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-08 10:45:16 +08:00
Jerry Yu
47413c2c8f fix wrong version header for tls1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-30 20:23:37 +08:00
Gabor Mezei
22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 12:15:20 +02:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
Gabor Mezei
765862c4f3
Move mbedtls_cf_memcmp to a new public header
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
TLS 1.3: ServerHello: add  utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
Jerry Yu
fd320e9a6e Replace zeroize with memset
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 21:52:41 +08:00
Jerry Yu
ae0b2e2a2f Rename counter_len
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
d96a5c2d86 Fix wrong usage of counter len macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-29 17:46:51 +08:00
gabor-mezei-arm
4602564d7a
Unify memcmp functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:47 +02:00
gabor-mezei-arm
9c1203fd67
Delete ssl_invasive.h due to duplicated function declarations
All function declaration provided by ssl_invasive.h is needed only for
testing purposes and all of them are provided by constant_time.h as well.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
1349ffde84
Move mbedtls_cf_hmac function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
0e7f71e1a9
Move mbedtls_cf_memcpy_offset function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
dee0fd33f1
Move mbedtls_cf_memcpy_if_eq function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:43 +02:00
gabor-mezei-arm
8d1d5fd204 Move mbedtls_cf_size_bool_eq function to the constant-time module
There were multiple functions called mbedtls_cf_size_bool_eq. They had exactly
the same behavior, so move the one in bignum.c and remove the other.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:20:07 +02:00
gabor-mezei-arm
16fc57bcc4
Move mbedtls_cf_size_mask_ge function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
c76227d808
Move mbedtls_cf_size_mask_lt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
3733bf805a
Move mbedtls_cf_size_mask function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
db9a38c672
Move contatnt-time memcmp functions to the contant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
9fa43ce238
Rename function to have suitable name
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:14:47 +02:00
Jerry Yu
d9a94fe3d0 Add counter length macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 20:10:26 +08:00
Jerry Yu
957f0fa1f7 Add length macro for in_ctr
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
92c1ca221f fix likely typos error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
5243142476 Add macro for length of input counter
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
e3131ef7f3 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
c7875b5f11 add set in/out transform utils
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
3bf1f97a0e fix various issue on pending send alert
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
bbd5a3fded fix pending_alert issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
394ece6cdd Add function for set pending alert flag
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
e7047819ee add pend fatal alert
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Joe Subbiani
6dd7364553 Replace instances of byte reading macros with PUT
Instances of a group of byte reading macros which are equivilant to
MBEDTLS_PUT_UINTx_yz

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:41 +01:00
Joe Subbiani
fbeb692dd0 Use byte reading macros in places not using a byte mask
byte shifting opertations throughout library/ were only replaced with
the byte reading macros when an 0xff mask was being used.
The byte reading macros are now more widley used, however they have not
been used in all cases of a byte shift operation, as it detracted from
the immediate readability or otherwise did not seem appropriate.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
2194dc477a Replace MBEDTLS_CHAR_x with MBEDTLS_BYTE_x
The CHAR macros casted to an unsigned char which in this project
is garunteed to be 8 bits - the same as uint8_t (which BYTE casts
to) therefore, instances of CHAR have been swapped with BYTE and
the number of macros have been cut down

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
cd84d76e9b Add Character byte reading macros
These cast to an unsigned char rather than a uint8_t
like with MBEDTLS_BYTE_x
These save alot of space and will improve maintence by
replacing the appropriate code with MBEDTLS_CHAR_x

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:41 +01:00
Joe Subbiani
5ecac217f0 Prefixed macros with MBEDTLS
As per tests/scripts/check-names.sh, macros in
library/ header files should be prefixed with
MBEDTLS_
The macro functions in common.h where also indented
to comply with the same test

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
6f2bb0c8ef Remove trailing whitespace
Trailing white spaces causing check_files.py to fail

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
50dde56543 Implement byte reading macros into library/
To improve readability by saving horizontal and vertical space.
Removed unecessary & 0xFF.
Byte reading macros implemented in library/common.h, All files
containing "& 0xff" were modified.
Comments/Documentation not yet added to the macro definitions.

Fixes #4274

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Manuel Pégourié-Gonnard
409c8f6e1b
Merge pull request #4851 from hanno-arm/hs_msg_without_checksum
Add handshake message writing variant that doesn't update checksum
2021-08-12 11:54:10 +02:00
Hanno Becker
f3cce8b0e1 Add handshake message writing variant that doesn't update checksum
The helper `mbedtls_ssl_write_handshake_msg` writes a handshake message
and updates the handshake transcript.

With TLS 1.3, we need finer control over the checksum: updating
at message granularity is not sufficient. To allow for manual maintenance
of the checksum in those cases, refine `mbedtls_ssl_write_handshake_msg()`
into `mbedtls_ssl_write_handshake_msg_ext()` which takes a parameter
determining whether the checksum should be updated.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-07 14:29:49 +01:00
Hanno Becker
79e2d1b6f6 Fix AEAD additional data computation for TLS 1.3
The AEAD additional data (AAD) is computed differently in TLS 1.3
compared to TLS 1.2, but this change hasn't yet been reflected in
the codee, rendering the current implementation of

```
   mbedtls_ssl_{encrypt,decrypt}_buf()
```

not standard compliant.

This commit fixes this by adjusting the AAD extraction function
ssl_extract_add_data_from_record() and its call-sites.

Please see the documentation of the code for an explanation
of how the AAD has changed from TLS 1.2 to TLS 1.3.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:52:49 +01:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
2021-07-27 09:42:53 +02:00
TRodziewicz
345165c1f7 Reverting deleted macros
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-06 13:42:11 +02:00