AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
16,820 Commits 1 Branch 0 Tags 61 MiB
80e760e006
Commit Graph

7187 Commits

Author SHA1 Message Date
Hanno Becker
79e2d1b6f6 Fix AEAD additional data computation for TLS 1.3 
The AEAD additional data (AAD) is computed differently in TLS 1.3
compared to TLS 1.2, but this change hasn't yet been reflected in
the codee, rendering the current implementation of

```
   mbedtls_ssl_{encrypt,decrypt}_buf()
```

not standard compliant.

This commit fixes this by adjusting the AAD extraction function
ssl_extract_add_data_from_record() and its call-sites.

Please see the documentation of the code for an explanation
of how the AAD has changed from TLS 1.2 to TLS 1.3.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:52:49 +01:00
Hanno Becker
c94060c641 Add TLS 1.3 specific key to SSL transform conversion function 
This commit adds the TLS 1.3 specific internal function

```
  mbedtls_ssl_tls13_populate_transform()
```

which creates an instance of the SSL transform structure
`mbedtls_ssl_transform` representing a TLS 1.3 record protection
mechanism.

It is analogous to the existing internal helper function

```
   ssl_tls12_populate_transform()
```

which creates transform structures representing record
protection mechanisms in TLS 1.2 and earlier.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:52:49 +01:00
Hanno Becker
bd25755d2a Rename ssl_populate_transform() -> ssl_tls12_populate_transform() 
In TLS 1.2 specific code, the internal helper functions
ssl_populate_transform() builds an SSL transform structure,
representing a specific record protection mechanism.

In preparation for a subsequent commit which will introduce
a similar helper function specific to TLS 1.3, this commmit
renames ssl_populate_transform() to ssl_tls12_populate_transform().

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:52:45 +01:00
Manuel Pégourié-Gonnard
8da9dc05e8
Merge pull request #4748 from TRodziewicz/re-introduce_ext_checks_for_psa_unlock-wipe_key_slot 
Re-introduction of key slot checks
 2021-07-29 13:45:57 +02:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1 
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
 2021-07-27 09:42:53 +02:00
Gilles Peskine
3b9bea0757
Merge pull request #4750 from yutotakano/fix-reserved-identifier-clash 
Replace reserved identifier clashes with suitable replacements
 2021-07-22 16:20:56 +02:00
Yuto Takano
538a0cbcf4 Replace _RR with prec_RR to prevent reserved identifier clashes 
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
 2021-07-14 10:20:09 +01:00
TRodziewicz
c9890e9a8c Rewording comments 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-14 10:16:26 +02:00
TRodziewicz
829fe7038d Correction to callback declaration and usage 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-13 12:23:12 +02:00
TRodziewicz
18cddc08c7 Reverting comments deleted in previous PR 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-13 12:19:15 +02:00
Yuto Takano
36c8ddc4cc Replace _B with B to prevent reserved identifier clashes 
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
 2021-07-12 16:02:07 +01:00
Archana
277572fa2b Fix coding style issue 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-07-12 09:00:57 +05:30
Archana
1d2e2bb8cc Add missing Curve448 support for PSA keys 
mbedtls_ecp_read_key and mbedtls_ecp_write_key are updated to include
support for Curve448 as prescribed by RFC 7748 §5.

Test suites have been updated to validate curve448 under Montgomery
curves.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-07-12 08:02:54 +05:30
TRodziewicz
299510e889 Correction to comments and changelog removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-09 16:55:11 +02:00
TRodziewicz
7871c2e736 Adding new macro for tests failing 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-09 14:27:04 +02:00
David Horstmann
44f6390c32 Remove redundant hash len check 
Remove a check in rsa_rsassa_pkcs1_v15_encode() that
is not needed because the same check is performed
earlier. This check was added in #4707.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-07-08 12:46:26 +01:00
TRodziewicz
458280e67c Correction to outdated comment 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-07 11:33:06 +02:00
Dave Rodgman
45419c1ee5 Revert "Add auto-generated files" 
This reverts commit 3e84187132.
 2021-07-06 20:44:59 +01:00
TRodziewicz
345165c1f7 Reverting deleted macros 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-06 13:42:11 +02:00
TRodziewicz
302ed2bf7d Reverting the TLS 1.3 compatibility 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-05 16:55:27 +02:00
TRodziewicz
d9be65277d Corrections to the new functions names and error message wording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-05 15:16:00 +02:00
TRodziewicz
053b99b90b Re-introduction of key slot chekcs 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-05 12:06:03 +02:00
Dave Rodgman
527b82a34c Bump .so version numbers to stay ahead of 2.x 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-07-02 15:19:38 +01:00
Dave Rodgman
3e84187132 Add auto-generated files 
Add files generated by running make generated_files

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-07-01 09:45:38 +01:00
Dave Rodgman
7601657418 Bump library version numbers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 23:09:51 +01:00
Dave Rodgman
34d8cd2892 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.0.0rc0-pr 2021-06-30 22:51:02 +01:00
Dave Rodgman
9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher 
Implement one-shot cipher
 2021-06-30 17:04:23 +01:00
Dave Rodgman
0a7ff4a4e2
Merge pull request #4741 from gabor-mezei-arm/3267_fp30_sign_verify_key_policies 
Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
 2021-06-30 14:50:57 +01:00
gabor-mezei-arm
5ce25d7806
Remove obsolete comment 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-30 10:46:00 +02:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 
Cleanup SSL error code space
 2021-06-30 09:02:55 +01:00
gabor-mezei-arm
00e54f1133
Fix minor issues 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:25 +02:00
gabor-mezei-arm
6158e283cc
Check the return status of the functions first 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm
58c1727775
Add buffer overflow check 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm
3f860e4c18
Remove invalid buffer overflow check 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm
47a8e14bb7
Typo 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:01 +02:00
gabor-mezei-arm
0a93b665f7
Fix possible unreachable code 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:01 +02:00
gabor-mezei-arm
90fceea268
Update documentation 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:01 +02:00
gabor-mezei-arm
258ae07fb0
Add checks for buffer size 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
e5ff8f430c
Use local variable instead of an ouput parameter 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
6f4e5bbe37
Initialize output buffer length to 0 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
0dfeaaf5c9
Remove confising comments 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
9951b50b8a
Remove comments 
These comment cannot bring more information than the code does.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
42cdb2a90b
Fix struct initialization 
Fix initialization of mbedtls_psa_cipher_operation_t by not initializing the mbedtls_cipher_context_t typed field completely.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
a9449a0b07
Dispatch cipher functions through the driver interface 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:48:59 +02:00
gabor-mezei-arm
ba0fa75eae
Implement one-shot cipher 
Implement one-shot cipher APIs, psa_cipher_encrypt and psa_cipher_decrypt, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:14:34 +02:00
gabor-mezei-arm
95180fe808
Fix comment 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 17:06:33 +02:00
gabor-mezei-arm
43110b6b2c Do key usage policy extension when loading keys 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 17:05:49 +02:00
Dave Rodgman
39bd5a655e Address review comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 15:25:21 +01:00
Dave Rodgman
c50b717a19 Update a couple of ssl error codes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 14:40:23 +01:00
Dave Rodgman
bed8927538 Correct some TLS alerts and error codes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 12:06:44 +01:00