Commit graph

4019 commits

Author SHA1 Message Date
Paul Elliott 75e27032d3 Rename DH Family Macros According to PSA Spec
Rename PSA_DH_GROUP_xxx to PSA_DH_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_GROUP to PSA_KEY_TYPE_DH_GET_FAMILY and rename
psa_dh_group_t to psa_dh_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:49 +01:00
Paul Elliott 8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Janos Follath be9a5752c2 Merge tag 'mbedtls-2.23.0' into merge-2.23.0-release-to-development
Mbed TLS 2.23.0
2020-07-01 11:23:17 +01:00
Janos Follath 0435cd8c23 Bump version to Mbed TLS 2.23.0
Executed "./scripts/bump_version.sh --version 2.23.0 --so-crypto 5"

A symbol has been removed from the mbedcrypto library since the last
release:
mbedtls_ecc_group_to_psa ( enum mbedtls_ecp_group_id grpid,
                           size_t* bits )

This is an ABI break and we need to increase the SO version.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-29 22:41:30 +01:00
Gilles Peskine 961914df12
Merge pull request #3382 from stevew817/feature/volatile-keys-in-SE
Support volatile keys in external SE
2020-06-26 20:27:11 +02:00
Janos Follath 4d1884916b Merge branch 'development-restricted' into mbedtls-2.23.0r0 2020-06-25 09:17:25 +01:00
Gilles Peskine dda104558b
Merge pull request #3419 from ndilieto/development
Pass "certificate policies" extension to callback
2020-06-23 09:35:45 +02:00
Nicola Di Lieto 511bc8c57b add comment about potential future extension
as requested, see
https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r443836568

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-23 00:15:28 +02:00
Nicola Di Lieto c84b1e6aa0 Pass "certificate policies" extension to callback
Pass the "certificate policies" extension to the callback supplied to
mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
policies. This allows the callback to fully replicate the behaviour
of the deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
configuration.

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:55:29 +02:00
Bence Szépkúti 869746577a Add Apache-2.0 headers to all source files
Also normalize the first line of the copyright headers.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i '

# Normalize the first line of the copyright headers (no text on the first line of a block comment)
/^\/\*.*Copyright.*Arm/I {
  i\
/*
  s/^\// /
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! i\
 *  SPDX-License-Identifier: Apache-2.0\
 *\
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\
 *  not use this file except in compliance with the License.\
 *  You may obtain a copy of the License at\
 *\
 *  http://www.apache.org/licenses/LICENSE-2.0\
 *\
 *  Unless required by applicable law or agreed to in writing, software\
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
 *  See the License for the specific language governing permissions and\
 *  limitations under the License.

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-16 17:38:44 +02:00
Manuel Pégourié-Gonnard a92e3def48
Merge pull request #873 from hanno-arm/ssl_write_client_hello
Bounds checks in ssl_write_client_hello
2020-06-15 10:57:51 +02:00
Ronald Cron b7b35e125b Align with check-like function return value convention
By convention, in the project, functions that have a
check or similar in the name return 0 if the check
succeeds, non-zero otherwise. Align with this for
mbedtls_ssl_chk_buf_ptr().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-11 09:50:51 +02:00
Manuel Pégourié-Gonnard 87a51aa08e
Merge pull request #3243 from ndilieto/development
New mbedtls_x509_crt_parse_der_with_ext_cb() routine
2020-06-10 12:59:58 +02:00
Steven Cooreman db06445ad6 Fix typo in currently unused macro constant
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-08 18:19:33 +02:00
Manuel Pégourié-Gonnard 71d56678d1 Update documentation about optional f_rng parameter
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 09:09:20 +02:00
Manuel Pégourié-Gonnard c52a43c2bd Implement use of internal DRBG for ecp_mul()
The case of MBEDTLS_ECP_RESTARTABLE isn't handled correctly yet: in that case
the DRBG instance should persist when resuming the operation. This will be
addressed in the next commit.

When both CTR_DRBG and HMAC_DRBG are available, CTR_DRBG is preferred since
both are suitable but CTR_DRBG tends to be faster and I needed a tie-breaker.

There are currently three possible cases to test:

- NO_INTERNAL_RNG is set -> tested in test_ecp_no_internal_rng
- it's unset and CTR_DRBG is available -> tested in the default config
- it's unset and CTR_DRBG is disabled -> tested in
  test_ecp_internal_rng_no_ctr_drbg

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 09:09:20 +02:00
Manuel Pégourié-Gonnard 1a3f9edc08 Add config.h option MBEDTLS_ECP_NO_INTERNAL_RNG
No effect so far, except on dependency checking, as the feature it's meant to
disable isn't implemented yet (so the descriptions in config.h and the
ChangeLog entry are anticipation for now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 09:09:20 +02:00
Janos Follath bba4c17b7a
Merge pull request #3315 from hanno-arm/tls13-experimental-macro
Add support for TLS 1.3 record protection routines
2020-06-04 15:51:54 +01:00
Gilles Peskine d6916d74c5
Merge pull request #3121 from gilles-peskine-arm/invasive_testing_strategy-crypto
Invasive testing strategy

Create a new header `common.h`.

Introduce a configuration option `MBEDTLS_TEST_HOOKS` for test-specific code, to be used in accordance with the invasive testing strategy.
2020-06-02 16:55:48 +02:00
Hanno Becker afca47a6b9 Fix typo in check_config.h
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-06-02 07:51:26 +01:00
Hanno Becker 6055a17d7d Add dependencies for experimental TLS 1.3 features in check_config.h
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-06-02 06:20:23 +01:00
Hanno Becker ceef848eb6 Rename TLS 1.3 padding granularity macro
This is to avoid confusion with the class of macros

MBEDTLS_SSL_PROTO_TLS1_X

which have an underscore between major and minor version number.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-06-02 06:16:00 +01:00
Hanno Becker 29e9895faa Change TLS 1.3 default padding to no padding
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-31 08:51:29 +01:00
Hanno Becker 13996927cb Introduce configuration option for TLS 1.3 padding granularity
TLS 1.3 record protection allows the addition of an arbitrary amount
of padding.

This commit introduces a configuration option

```
   MBEDTLS_SSL_TLS13_PADDING_GRANULARITY
```

The semantics of this option is that padding is chosen in a minimal
way so that the padded plaintext has a length which is a multiple of
MBEDTLS_SSL_TLS13_PADDING_GRANULARITY.

For example, setting MBEDTLS_SSL_TLS13_PADDING_GRANULARITY to 1024
means that padded plaintexts will have length 1024, 2048, ..., while
setting it to 1 means that no padding will be used.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-31 08:51:25 +01:00
Nicola Di Lieto 565b52bb72 mbedtls_x509_crt_parse_der_with_ext_cb improvement
Continue parsing when the callback fails to parse a non critical
exception. Also document the behaviour more extensively and pass
the callback error code to the caller unaltered.

See https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630548
and https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630968

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-29 23:09:47 +02:00
Ronald Cron 8216dd3f34 Use defines to check alpn ext list validity
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-05-29 15:10:30 +02:00
Hanno Becker e131bfec29 Return error in case of bad user configurations
This commits adds returns with the SSL_BAD_CONFIG error code
in case of bad user configurations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-05-29 15:10:30 +02:00
Hanno Becker b4c0b7556d Add error condition for bad user configurations
This commit adds an error condition for bad user configurations
and updates the number of SSL module errors in error.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-05-29 15:10:30 +02:00
Janos Follath 0af1560919
Merge pull request #3305 from gilles-peskine-arm/psa-asymmetric-adjectives
PSA: Fix copypasta and align terminology about asymmetric encryption
2020-05-29 08:15:11 +01:00
Nicola Di Lieto 5659e7e889 Add opaque context to mbedtls_x509_crt_ext_cb_t
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:41:38 +02:00
Nicola Di Lieto 5f6ebdebdb Fix wrong parameter name in comment
Detected by Travis
https://travis-ci.org/github/ARMmbed/mbedtls/jobs/692213150

/home/travis/build/ARMmbed/mbedtls/include/mbedtls/x509_crt.h:333:
warning: argument 'make_copy' of command @param is not found in the
argument list of mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt
*chain, const unsigned char *buf, size_t buflen, int no_copy,
mbedtls_x509_crt_ext_cb_t cb)

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:20:46 +02:00
Nicola Di Lieto 4dbe5676af mbedtls_x509_crt_parse_der_with_ext_cb enhancement
added make_copy parameter as suggested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431233555

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 17:17:27 +02:00
Nicola Di Lieto fae25a13d9 mbedtls_x509_crt_ext_cb_t definition changed
As suggested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431238005

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 17:17:27 +02:00
Nicola Di Lieto fde98f7773 Rename mbedtls_x509_crt_parse_der_ext
new name: mbedtls_x509_crt_parse_der_with_ext_cb

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 17:17:27 +02:00
ndilieto 6e24980cc6 Minor style and documentation improvements
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 17:17:27 +02:00
Hanno Becker 3c358d4e12 Improve documentation of MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker e41606001b Disable experimental TLS 1.3 features in default config
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker 7d343ecf06 Add note on inner plaintext parsing to ssl_transform documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker 2ab47dc5cd Add internal version identifier for TLS 1.3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker 9fc15ea4cc Introduce config option for experimental TLS 1.3 specific features
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Gilles Peskine 4eb05a4edd Fix article in documentation
Co-authored-by: Andrew Thoelke <andrew.thoelke@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:51:00 +02:00
Manuel Pégourié-Gonnard 5eae4dd08e
Merge pull request #3301 from Patater/inline-mbedtls_ecc_group_to_psa
psa: Define mbedtls_ecc_group_to_psa() inline
2020-05-19 09:06:04 +02:00
Gilles Peskine 344e15b010 Update SE support to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:15:26 +02:00
Gilles Peskine 52ac958d6b Update the SE interface to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the PSA specification draft.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 4cfa443d2a Fix macros
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine e3871f8ae8 Missing word
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine c4ee2f3a87 Define a macro to construct a lifetime from persistence and location
Applications need this to combine implementation-specific values of
persistence levels and location indicators.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine aff1181d67 Document PSA_KEY_PERSISTENCE_xxx and PSA_KEY_LOCATION_xxx
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine ee04e69956 Rename and clarify the default persistent location and persistence
Call persistence "default" because that is genuinely the default that
applications should use if they don't know better. It's slightly
misleading in that the default persistence when you create a key is
volatile, not this: "default" is the default persistence for
persistent keys, not the default persistence for keys in general. But
we haven't found a better name.

Introduce the term "primary local storage" to designate the default
storage location.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 5dcb74f02f PSA_KEY_LIFETIME_PERSISTENT is a lifetime, not just a storage area
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine bbb3c1815a Shorten type and value names for lifetime parts
Drop lifetime_ or LIFETIME_ to make the names shorter. They're still
unambiguous.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 2d2bb1dd04 Define some structure for lifetime values
* Lower 8 bits: persistence level
    * 0: volatile
    * 1: persistent (default)
    * 2-127: persistent (reserved for future PSA specifications)
    * 128-254: persistent (reserved for vendors)
    * 255: read-only
* Upper 24 bits: location indicator
    * 0: built-in
    * 1: primary secure element
    * 2-0x7fffff: reserved for future PSA specifications
    * 0x800000-0xffffff: vendor-specific

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Hanno Becker 51018aab56 Add macro for bounds checking
This commit adds a macro for buffer bounds checks in the SSL
module. It takes the buffer's current and end position as the
first argument(s), followed by the needed space; if the
available space is too small, it returns an SSL_BUFFER_TOO_SMALL
error.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-05-07 11:43:55 +02:00
Gilles Peskine 6cc0a204b9 Terminology: prefer "asymmetric" to "public-key"
Most of the documentation and some of the function names use
"asymmetric", so use "asymmetric" everywhere. Mention "public-key" in
key places to make the relevant functions easy to find if someone is
looking for that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-05 16:05:26 +02:00
Gilles Peskine 7668960e43 Fix copypasta: ciphertext -> plaintext
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-05 16:05:08 +02:00
Gilles Peskine 9ff8d1f963 Fix copypasta: signature -> encryption
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-05 16:05:08 +02:00
Darryl Green 2f0eb51aae psa: Define mbedtls_ecc_group_to_psa() inline
On dual world platforms, we want to run the PK module (pk.c) on the NS
side so TLS can use PSA APIs via the PK interface. PK currently has a
hard dependency on mbedtls_ecc_group_to_psa() which is declared in
crypto_extra.h, but only defined in psa_crypto.c, which is only built
for the S side.

Without this change, dual world platforms get error messages like the
following.

    [Error] @0,0: L6218E: Undefined symbol mbedtls_ecc_group_to_psa (referred from BUILD/LPC55S69_NS/ARM/mbed-os/features/mbedtls/mbed-crypto/src/pk.o)

Make mbedtls_ecc_group_to_psa() inline within crypto_extra.h so that it
is available to both NS and S world code.

Fixes #3300

Signed-off-by: Darryl Green <darryl.green@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2020-05-05 12:41:48 +01:00
Nicola Di Lieto 502d4b4510 New mbedtls_x509_crt_parse_der_ext() routine
This routine is functionally equivalent to mbedtls_x509_crt_parse_der(),
but it accepts an additional callback function which it calls with
every unsupported certificate extension.

Proposed solution to https://github.com/ARMmbed/mbedtls/issues/3241

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-04-25 14:46:04 +02:00
Gilles Peskine dc9c47da6c
Merge pull request #3176 from aggarg/development
Add support for const error description strings
2020-04-21 13:57:11 +02:00
Gaurav Aggarwal 6ea4fc7b53 Address review comments
1. The functions mbedtls_high_level_strerr and mbedtls_low_level_strerr
   accept any error code and extract the high-level and low-level parts
   respectively.
2. Documentation updates.

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
2020-04-20 16:03:46 -07:00
Janos Follath a18c4f35c9
Merge pull request #686 from ARMmbed/merge-2.22.0-release-to-development
Merge 2.22.0 release to development
2020-04-14 16:21:53 +01:00
Manuel Pégourié-Gonnard 5d318cc22b
Merge pull request #3130 from gbryant-arm/generic-psk
Clarify and simplify PSK
2020-04-14 10:54:01 +02:00
Janos Follath ac15f842a5 Merge remote-tracking branch 'restricted/pr/684' into mbedtls-2.22.0r0 2020-04-14 08:16:27 +01:00
Gaurav Aggarwal 3d02db23e8 Add auto-generated code markers
The presence of these markers in the original code was helpful to me in
figuring out that this portion of the code is auto-generated.
Therefore, I think those are useful and should be present.

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
2020-04-11 17:14:03 -07:00
Jaeden Amero 66e21efe47
Merge pull request #3163 from AndrzejKurek/variable-buffers-renegotiation
Variable buffers & renegotiation - fixes
2020-04-09 12:11:02 +01:00
Gaurav Aggarwal a9f64006ea Add support for const error description strings
Problem
-------
mbedtls_strerror is a utility function which converts an mbedTLS error code
into a human readable string. It requires the caller to allocate a buffer every
time an error code needs to be converted to a string. It is an overkill and a
waste of RAM for resource constrained microcontrollers - where the most common
use case is to use these strings for logging.

Solution
--------
The proposed commit adds two functions:

* const char * mbedtls_high_level_strerr( int error_code );
* const char * mbedtls_low_level_strerr( int error_code );

The above two functions convert the high level and low level parts of an mbedTLS
error code to human readable strings. They return a const pointer to an
unmodifiable string which is not supposed to be modified by the caller and only
to be used for logging purposes. The caller no longer needs to allocate a
buffer.

Backward Compatibility
----------------------
The proposed change is completely backward compatible as it does not change
the existing mbedtls_strerror function and ensures that it continues to behave
the same way.

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
2020-04-09 01:44:52 -07:00
Andrzej Kurek 90c6e84a9c
Split the maximum fragment length into two - an input and output MFL
Since the server might want to have a different maximum fragment length
for the outgoing messages than the negotiated one - introduce a new way of
computing it. This commit also adds additional ssl-opt.sh tests ensuring
that the maximum fragment lengths are set as expected. 
mbedtls_ssl_get_max_frag_len() is now a deprecated function,
being an alias to mbedtls_ssl_get_output_max_frag_len(). The behaviour
of this function is the same as before.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-09 04:30:34 -04:00
Janos Follath 876e0259d5 Bump version to Mbed TLS 2.22.0
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 17:15:18 +01:00
danh-arm 6d41f4cc42
Merge pull request #3122 from mpg/drafts-became-rfcs
Update references from drafts to RFCs in config.h
2020-04-06 09:54:53 +01:00
Guilhem Bryant b5f04e4d84 Properly initialise psk and psk_len
Signed-off-by: Guilhem Bryant <Guilhem.Bryant@arm.com>
2020-04-01 11:25:12 +01:00
Simon Butcher 432e7023b1 Add additional sanity checks to check_config.h
Additional sanity checks in check_config.h to ensure:
    * if test certificates are included (MBEDTLS_CERTS_C) there must be also be
      support for the core X509 feature (MBEDTLS_X509_USE_C). This has a
      secondary dependency on the public key abstraction layer (MBEDTLS_PK_C),
      necessary as the certificates will either be signed by RSA or ECDSA, and
      therefore need to be part of the library.
    * if any of the TLS protocols are defined (MBEDTLS_SSL_PROTO_xxx) then a
      key exchange method must also be defined (MBEDTLS_KEY_EXCHANGE_xxx).

Anyone who knows the library will probably not make these mistakes or will
quickly diagnose and fix them, but it is possible to compile and link both
configurations if you build only the library and not the example programs, and
therefore users may not realise immediately that there's a mistake, only
discovering it at runtime.

These checks may therefore save someone some time.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-27 17:16:15 +00:00
Guilhem Bryant 8a69ddd7ad Fix Doxygen comments
Signed-off-by: Guilhem Bryant <Guilhem.Bryant@arm.com>
2020-03-27 11:15:28 +00:00
Guilhem Bryant d511ac3419 Define internal PSK getter
Signed-off-by: Guilhem Bryant <Guilhem.Bryant@arm.com>
2020-03-25 17:47:25 +00:00
Guilhem Bryant e40a2f7a99 Improve documentation about PSK configuration
Signed-off-by: Guilhem Bryant <Guilhem.Bryant@arm.com>
2020-03-25 17:47:25 +00:00
Manuel Pégourié-Gonnard bca8aa07b0 Update references from drafts to RFCs in config.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-03-25 10:34:39 +01:00
Gilles Peskine fea6eaf5e3 Declare MBEDTLS_TEST_HOOKS in config.h
When this option is enabled, the product includes additional
interfaces that enable additional tests. This option should not be
enabled in production, but is included in the "full" build to enable
the extra tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-24 22:56:45 +01:00
Gilles Peskine f03bd81be0 Place MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH in alphabetical order
The automatic merge of include/mbedtls/config.h had placed
MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH before
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.
2020-03-23 18:13:58 +01:00
Gilles Peskine 5e7d6fd240 Merge 'mbedtls/development' into merge-crypto-unremoved-20200304
Merge the latest state of the target branch (mbedtls/development) into the
pull request to merge mbed-crypto into mbedtls.

Conflicts:

* ChangeLog: add/add conflict. Resolve by using the usual section order.
2020-03-23 18:02:07 +01:00
Gilles Peskine eccd888717 Rename identifiers containing double-underscore
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.

This commit makes check-names.sh pass.

```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
2020-03-23 17:55:32 +01:00
Gilles Peskine d3d02900f2 Restore X509 and SSL functionality
Look for changes that remove X509/SSL functionality.
```
git diff 'HEAD^{/^Merge}~1' HEAD --diff-filter=M -- . ':!library/error.c' ':!library/version_features.c' ':!programs/test/query_config.c' ':!visualc' ':!*.pdf' ':!*.der' | grep -E "^-.*MBEDTLS_(ERR_)?(PKCS11|X509|NET|SSL)_"
```

All of these removals are in `config.h` or `check_config.h`. Selectively revert the differences in these two files.

```
git diff 'HEAD^{/^Merge}~1' 'HEAD^{/^Merge}' include/mbedtls/config.h include/mbedtls/check_config.h | git apply -p1 -R
```

* `include/mbedtls/check_config.h`:
    * ARIA for GCM: don't remove it.
    * `MBEDTLS_PSA_CRYPTO_SE_C`: don't remove it.
    * `MBEDTLS_SHA512_NO_SHA384`: don't remove it.
    * `MBEDTLS_SSL_DTLS_CONNECTION_ID`: restore it.
* `include/mbedtls/config.h`:
    * warning about `MBEDTLS_ECDSA_SIGN_ALT`: don't remove it.
    * `MBEDTLS_CTR_DRBG_USE_128_BIT_KEY` full paragraph: don't remove it.
    * `MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER`: don't remove it.
    * `MBEDTLS_SHA512_SMALLER`…: don't remove it.
    * `MBEDTLS_SSL_RECORD_CHECKING`: restore it.
    * `MBEDTLS_SSL_CONTEXT_SERIALIZATION`: restore it.
    * `MBEDTLS_USE_PSA_CRYPTO` note: don't restore the tls version.
    * `MBEDTLS_USE_PSA_CRYPTO` warning: restore the tls version.
    * `MBEDTLS_CMAC_C`: restore it to being disabled by default. It's a minor API change in Mbed TLS because it changes the layout of `mbedtls_cipher_context_t`.
    * `MBEDTLS_CTR_DRBG_C`: don't restore the older version of the description from tls.
    * `MBEDTLS_GCM_C`: don't restore the older description from tls.
    * `MBEDTLS_PSA_CRYPTO_C`: don't restore `crypto/`.
    * `MBEDTLS_PSA_CRYPTO_SE_C`: don't remove it.
    * `MBEDTLS_PSA_CRYPTO_STORAGE_C`: don't restore `crypto/`. Don't disable it by default.
    * `MBEDTLS_PSA_ITS_FILE_C`: don't restore, like for ``MBEDTLS_PSA_CRYPTO_STORAGE_C``.
    * `MBEDTLS_CTR_DRBG_USE_128_BIT_KEY` single line: don't restore it since there is now a full paragraph in the proper section above.
    * `MBEDTLS_SSL_CID_IN_LEN_MAX`…: restore it.
    * `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES`: restore the version without a space to format the line like the others.
2020-03-23 17:55:31 +01:00
Gilles Peskine b99bd39b4e Merge mbed-crypto into mbedtls: the merge commit
Merge `unremove-non-crypto` into `mbedtls/development`. The branch
`unremove-non-crypto` was obtained by starting from `mbed-crypto/development`,
then reverting many commits that removed X.509 and TLS functionality when Mbed
Crypto forked from Mbed TLS (the “unremoval”), then make a few tweaks to
facilitate the merge.

The unremoval step restored old versions of some tls files. If a file doesn't
exist in mbed-crypto, check out the mbedtls version, regardless of what
happened during the unremoval of tls files in the crypto tree. Also
unconditionally take the mbedtls version of a few files where the
modifications are completely project-specific and are not relevant in
mbed-crypto:

* `.github/issue_template.md`: completely different. We may want to reconcile
  them independently as a follow-up.
* `.travis.yml`: would only be reverted to an earlier tls version.
* `README.md`: completely different. We may want to reconcile them
  independently as a follow-up.
* `doxygen/input/doc_mainpage.h`: the changes in crypto were minimal and not
  relevant except as a stopgap as mbed-crypto did not have its own product
  versioning in the Doxygen documentation.
* `tests/.jenkins/Jenkinsfile`: completely different.
* `tests/data_files/Makefile`: there were no changes in mbed-crypto,
  but the unremoval step restored an old version.

Shell script for everything to do after the merge apart from the conflict
resolution:
```
tls_files=($(comm -23 <(git ls-tree -r --name-only HEAD) <(git ls-tree -r --name-only $(git merge-base upstream-crypto/development MERGE_HEAD))))
tls_files+=($tls_files .github/issue_template.md .travis.yml README.md doxygen/input/doc_mainpage.h tests/.jenkins/Jenkinsfile tests/data_files/Makefile)
git checkout --theirs HEAD -- $tls_files
git add -- $tls_files
```

Resolve the remaining conflicts:

* `library/CMakeLists.txt`:
    * Keep the TLS definition of `src_crypto`
    * `USE_SHARED_MBEDTLS_LIBRARY`: keep all three libraries, with both
      `include` and `crypto/include` in `target_include_directories`, all with
      version `2.21.0`.
* `programs/Makefile`:
    * Reconcile the APPS lists (add/add from a differently-formatted common
      ancestor): insert the `psa/*` from crypto into the tls list.
    * Keep the `fuzz` target defined only in tls version.
    * Keep the recipe (only in tls version) cleaning `ssl_pthread_server`
      stuff for the `clean` target.
* `scripts/config.py`:
    * `include_in_full`: add/add conflict. Keep both.
* `tests/scripts/all.sh`:
    * `component_test_no_use_psa_crypto_full_cmake_asan`: partially old
      version in crypto. Take the tls version.
    * `component_test_malloc_0_null` and more: take
      `component_test_malloc_0_null` from crypto (with `config.py` rather than
      `config.pl`, and with `$ASAN_FLAGS` rather than an explicit list), but
      add the call to `ssl-opt.sh` from tls. Take the other components from
      crypto.

With this commit, building and running the unit tests with both `make ` and
`cmake` work in the default configuration on Linux. Other platforms, build
systems and configurations are likely not to work, and there is some
regression in test coverage.

There is some loss of functionality because the unremoval step restored older
versions of tls content. This commit contains the latest tls version of
tls-only files, but some changes from the tls side in files that existed on
both sides have regressed. Most problematic changes are hunks that remove some
tls-specific feature and contain either a C preprocessor symbol identifying a
tls-specific module or option, or the name of a tls-specific file. Hunks
that remove a tls-specific preprocessor symbol can be identified with the
regular expression `^-.*MBEDTLS_(ERR_)?(PKCS11|X509|NET|SSL)_`.

Subsequent commits will revert a few parts of the patch from this merge commit
in order to restore the tls functionality that it removes, ensure that the
test coverage includes what was covered in either branch, and fix test
failures.
2020-03-23 17:54:46 +01:00
Gilles Peskine 43aa905d1e DHM functions are not part of x509
In the old days, key parsing was part of x509, but these days it's
part of crypto.
2020-03-19 14:23:45 +01:00
Gilles Peskine 1174db5bac Revert "ecp: Remove dependency on TLS and X.509"
This reverts commit de0a41b716.
2020-03-19 14:23:45 +01:00
Gilles Peskine d40f0070ec Revert "dhm: Remove dependency on TLS"
This reverts commit ed16ca7b63.
2020-03-19 14:23:45 +01:00
Gilles Peskine 96ddb0ab4d Revert "asn1: Remove dependency on X.509"
This reverts commit d8087713ae.
2020-03-19 14:23:45 +01:00
Gilles Peskine 7dc97048d6 Revert "Remove tests that depend on TLS or X.509"
This reverts commit 9afb2e9921.

Conflicts:
* include/CMakeLists.txt
  * "Make config.h available" comment: there has been a change
    adjacent to where it was removed. Just re-add what was removed.
* tests/CMakeLists.txt:
  * compat.sh: there has been a change immediately before where it was
    removed. Just re-add what was removed.
2020-03-19 14:17:54 +01:00
Gilles Peskine 4e1174967a Revert "config: Remove TLS and NET options"
This reverts commit 1c66e48670.

Conflicts:
* include/mbedtls/check_config.h:
    * MBEDTLS_SSL_PROTO_SSL3: there has been an addition (of
      MBEDTLS_SHA512_NO_SHA384) at the place where it was removed. Re-add it
      after (alphabetical order).
    * MBEDTLS_ENABLE_WEAK_CIPHERSUITES: there has been an addition (of
      MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) at the place where it was removed.
      Re-add it after (alphabetical order).
    * MBEDTLS_SSL_ALL_ALERT_MESSAGES: there has been an addition (of
      MBEDTLS_SHA512_SMALLER) at the place where it was removed. Re-add it
      after (alphabetical order).
* include/mbedtls/config.h:
    * MBEDTLS_ENABLE_WEAK_CIPHERSUITES: there has been an addition (of
      MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) at the place where it was removed.
      Re-add it after (alphabetical order).
    * MBEDTLS_SSL_ALL_ALERT_MESSAGES: there has been an addition (of
      MBEDTLS_SHA512_SMALLER) at the place where it was removed. Re-add it
      after (alphabetical order).
* library/version_features.c: re-generate by running
  scripts/generate_features.pl.
* programs/test/query_config.c: re-generate by running
  scripts/generate_query_config.pl.
* scripts/config.pl: this file has been replaced by config.py. Port
  the reversed changes to config.py:
    * Revert removing three symbols from the list of symbols to
      exclude from full.
    * Revert removing one symbol (MBEDTLS_NET_C) from the list of symbols
      to exclude from baremetal.
* scripts/footprint.sh:
    * Re-add the line to unset MBEDTLS_NET_C, but with config.py instead of
      config.pl.
* tests/scripts/all.sh:
    * component_test_no_platform: re-add the line to unset MBEDTLS_NET_C, but
      with config.py instead of config.pl.
    * component_build_arm_none_eabi_gcc,
    component_build_arm_none_eabi_gcc_no_udbl_division,
    component_build_arm_none_eabi_gcc_no_64bit_multiplication,
    component_build_armcc: these components now use the baremetal
    configuration, so they do not need to turn off MBEDTLS_NET_C explicitly.
2020-03-19 13:55:04 +01:00
Gilles Peskine 252e391cca Revert "config: Remove X.509 options"
This reverts commit bb1f701212.

* include/mbedtls/check_config.h:
    * MBEDTLS_X509_RSASSA_PSS_SUPPORT: there has been an addition (of
      MBEDTLS_SHA512_NO_SHA384) at the place where it was removed.
      Re-add it before MBEDTLS_SHA512_NO_SHA384 to keep it grouped
      with MBEDTLS_RSA_C.

Conflicts:
* scripts/config.pl: this file has been replaced by config.py. Port
  the reversed changes to config.py:
    * Revert removing three symbols from the list of symbols to
      exclude from full.
2020-03-19 13:53:18 +01:00
Gilles Peskine 458b8f2a59 Revert "Remove unused TLS, NET, and X.509 files"
This reverts commit a4308b29a4.
2020-03-19 13:36:33 +01:00
Andrzej Kurek 03da0846df
ssl - improve documentation on mbedtls_ssl_read and PEER_CLOSE_NOTIFY
Add a description of MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY to the
documentation, as suggested by hanno-arm.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-18 05:35:31 -04:00
Gilles Peskine 9bf54fa22c Revert "doxygen: Update for Mbed Crypto"
This reverts commit 32577734e2.
2020-03-04 15:39:14 +01:00
Gilles Peskine db7d5f024d Revert "config: Remove explicit ciphersuite lists"
This reverts commit 7242ea688a.
2020-03-04 15:39:14 +01:00
Gilles Peskine 40f17dc803 Revert "Remove certs.h"
This reverts commit b8e4ae18cf.
2020-03-04 15:39:14 +01:00
Andrzej Kurek 0afa2a1b65
Add I/O buffer resizing in handshake init and free
Add a conditional buffer resizing feature. Introduce tests exercising
it in various setups (serialization, renegotiation, mfl manipulations).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-04 09:28:16 -05:00
Darryl Green b33cc7688e
Add I/O buffer length fields to mbedtls_ssl_context
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Darryl Green <darryl.green@arm.com>
2020-03-03 10:44:49 -05:00
Andrzej Kurek 033c42a90b
Fix I/O buffer sizes when MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled
Fix a typo that made the buffer sizes smaller with CID enabled.
Fixes #3077.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-03 10:44:39 -05:00
Manuel Pégourié-Gonnard a4522e8467 Uniformize wording for removal of deprecated things
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:54 +01:00
Andres Amaya Garcia 10edb3e8da Add comment to matching #endif
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:52 +01:00
Andres Amaya Garcia da15409aea Remove the word likely from deprecated documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:51 +01:00
Andres Amaya Garcia 4156ac18d7 Wrap deprecations for HW_RECORD_ACCEL with DEPRECATED_REMOVED
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:48 +01:00
Andres Amaya Garcia 3f6cc5f786 Deprecate global func ptrs for MBEDTLS_SSL_HW_RECORD_ACCEL
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:46 +01:00
Andres Amaya Garcia 84b4e796a3 Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL config
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:27 +01:00
Janos Follath 84d2fd4ee2 Bump version to Mbed TLS 2.21.0 2020-02-19 14:35:16 +00:00
Janos Follath cf4a40ba0a
Merge pull request #370 from yanesca/update-version-2.21.0
Bump version to Mbed TLS 2.21.0
2020-02-19 14:21:11 +00:00
Janos Follath bc7c2424c9 Bump version to Mbed TLS 2.21.0 2020-02-19 11:51:13 +00:00
Manuel Pégourié-Gonnard a0c164a2d4
Merge pull request #3010 from hanno-arm/tls_msg_split
Introduce separate source file for SSL messaging layer
2020-02-12 09:59:12 +01:00
Hanno Becker 08f091397c Add compile-time guards around declarations in ssl_internal.h 2020-02-11 15:40:07 +00:00
Soby Mathew 0a4270d732 Change the compatibility API to inline functions
This patch changes the compatibility API defined in crypto_compat.h
to static inline functions as the previous macro definitions were
causing issues for the C pre-processor when included in projects
which need to redefine the PSA function names. Making it static
inline function solves this problem neatly and also modern compilers
do a good job at inlining the function which makes the need for making
it a macro redundant.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2020-02-10 17:26:22 +00:00
Hanno Becker 89490716e9 Move ssl_get_current_mtu() to public namespace 2020-02-05 10:50:52 +00:00
Hanno Becker 533ab5f5c2 Move flight and message buffering functions to public namespace 2020-02-05 10:50:52 +00:00
Hanno Becker 40cdaa1263 Move ssl_start_renegotiation() to public namespace 2020-02-05 10:50:51 +00:00
Hanno Becker ce5f5fdcb4 Move ssl_handshake_wrapup_free_hs_transform() to public namespace 2020-02-05 10:50:51 +00:00
Hanno Becker 786300f898 Move ssl_resend_hello_request() to public namespace 2020-02-05 10:50:51 +00:00
Hanno Becker 7e8e6a6870 Move ssl_dtls_replay_reset() to public namespace 2020-02-05 10:50:51 +00:00
Hanno Becker 43aefe2321 Move ssl_session_reset_int() to public namespace 2020-02-05 10:50:51 +00:00
Hanno Becker 3e6f8ab14a Move SSL internal pointer updating routines to public namespace 2020-02-05 10:50:51 +00:00
Hanno Becker 7876d127a9 Move ssl_check_timer() to public namespace 2020-02-05 10:50:51 +00:00
Hanno Becker dd77229184 Move ssl_ep_len() to public namespace 2020-02-05 10:50:51 +00:00
Hanno Becker 0f57a65391 Move ssl_set_timer() to public namespace 2020-02-05 10:50:45 +00:00
Manuel Pégourié-Gonnard 0330e21043 Merge branch 'public/pr/2261' into development
* iotssl-2652-deprecate-pkcs11:
  Group PKCS11_C entries in check_config.h
  Clarify that what we're dropping is pkcs11-helper support
  Fix typo in doxy docs for ssl_pkcs11_sign()
  Add missing docs to PKCS#11 public funcs
  Wrap PKCS1 module with DEPRECATED_REMOVED
  Fix deprecated docs for PKCS1
  Deprecate MBEDTLS_PKCS11_C functions
  Add ChangeLog entry for MBEDTLS_PKCS11_C deprecation
  Deprecate MBEDTLS_PKCS11_C feature
2020-02-04 12:39:34 +01:00
Manuel Pégourié-Gonnard 320f4d9c98 Group PKCS11_C entries in check_config.h 2020-02-04 09:17:29 +01:00
Gilles Peskine 2579675935 Merge remote-tracking branch 'upstream-public/development' into development
Files deleted by us: keep them deleted.

```
git rm $(git status -s | sed -n 's/^DU //p')
```

Individual files with conflicts:

* `README.md`: keep the crypto version.
* `doxygen/input/doc_mainpage.h`: keep the crypto version (with an obsolete Mbed Crypto version number).
* `include/mbedtls/error.h`:
    * `ERROR`: similar additions made through parallel commits, with only whitespace differences. Align with the tls version.
* `library/CMakeLists.txt`: keep the crypto version.
* `library/Makefile`: keep the crypto version.
* `scripts/generate_errors.pl`: keep the crypto version (the relevant changes were made through parallel commits).
* `tests/scripts/check-test-cases.py`:
    * `Results`: keep the crypto version, which has both the new argument to the constructor (added in crypto only) and the class docstring (added through parallel commits).
* `tests/suites/helpers.function`:
    * `ARRAY_LENGTH`, `ASSERT_ALLOC`: additions in the same location. Keep both, in indifferent order.
* `tests/suites/target_test.function`:
    * `receive_uint32`: keep the crypto version which has an additional bug fix. The tls changes made in tls are irrelevant after this bug fix.
* `visualc/VS2010/mbedTLS.vcxproj`: run `scripts/generate_visualc_files.pl`.

Review of non-conflicting changes:

* `all.sh`: 1 change.
    * zlib test components: don't add them.
* `include/CMakeLists.txt`: 1 change.
    * `target_include_directories`: doesn't work as is (different target name). Don't take the change.
* All other non-conflicting changes: take them.
2020-02-03 18:52:36 +01:00
Janos Follath 2fdb1af18c
Merge pull request #2236 from andresag01/iotssl-2156-deprecate-sslv3
Deprecate SSLv2 parsing and SSLv3
2020-02-03 15:11:33 +00:00
Hanno Becker 34aada2df5 Replace use of uint8_t by unsigned char in ASN.1 seq traversal API
The rest of the ASN.1 API uses `unsigned char`, too.
2020-02-03 10:39:55 +00:00
Hanno Becker 199b709e53 ASN.1: Add ASN.1 SEQUENCE traversal API 2020-01-31 15:37:26 +00:00
Gilles Peskine b5c74a53d8 Document one more error code for mbedtls_asn1_get_sequence_of
Also fix a copypasta.
2020-01-31 15:37:26 +00:00
Hanno Becker 12ae27dd0e ASN.1: Introduce helper function to free ASN.1 sequence 2020-01-31 15:37:26 +00:00
Hanno Becker 63e38fe914 ASN.1: Add helper macro to compare ASN.1 buffer to OID string 2020-01-31 15:37:26 +00:00
Hanno Becker cba7122d74 ASN.1: Add helper macro to detect string types 2020-01-31 15:37:26 +00:00
Gilles Peskine 42459805ce USE_PSA_CRYPTO: don't rely on the curve encoding
Adapt to the change of encoding of elliptic curve key types in PSA
crypto. Before, an EC key type encoded the TLS curve identifier. Now
the EC key type only includes an ad hoc curve family identifier, and
determining the exact curve requires both the key type and size. This
commit moves from the old encoding and old definitions from
crypto/include/mbedtls/psa_util.h to the new encoding and definitions
from the immediately preceding crypto submodule update.
2020-01-31 14:57:43 +01:00
Gilles Peskine 7cfcb3fc03 Change the encoding of key types to have a parity bit
Change the encoding of key types, EC curve families and DH group
families to make the low-order bit a parity bit (with even parity).

This ensures that distinct key type values always have a Hamming
distance of at least 2, which makes it easier for implementations to
resist single bit flips.
2020-01-31 10:24:21 +01:00
Gilles Peskine 46e6f9de4a Document the vendor range for EC curve and DH group families 2020-01-31 10:24:21 +01:00
Gilles Peskine f65ed6f254 Change key types to a 16-bit encoding
All key types now have an encoding on 32 bits where the bottom 16 bits
are zero. Change to using 16 bits only.

Keep 32 bits for key types in storage, but move the significant
half-word from the top to the bottom.

Likewise, change EC curve and DH group families from 32 bits out of
which the top 8 and bottom 16 bits are zero, to 8 bits only.

Reorder psa_core_key_attributes_t to avoid padding.
2020-01-31 10:24:21 +01:00
Gilles Peskine b87b719467 Remove old values of curve encodings
Remove the values of curve encodings that are based on the TLS registry
and include the curve size, keeping only the new encoding that merely
encodes a curve family in 8 bits.

Keep the old constant names as aliases for the new values and
deprecate the old names.
2020-01-31 10:24:21 +01:00
Gilles Peskine d1959dcd4a Change auxiliary functions for TLS to the new PSA EC curve encoding
This is a change to an internal API that is exposed only for the sake
of Mbed TLS.
2020-01-31 10:24:21 +01:00
Gilles Peskine 89177e862b Convert USE_PSA_CRYPTO pk interface to the new PSA EC curve encoding 2020-01-31 10:15:32 +01:00
Gilles Peskine 45c29ce4c0 Move size-specific curve/group constants to crypto_compat.h 2020-01-31 10:15:32 +01:00
Gilles Peskine 228abc5773 Define EC curve family constants
Define constants for ECC curve families and DH group families. These
constants have 0x0000 in the lower 16 bits of the key type.

Support these constants in the implementation and in the PSA metadata
tests.

Switch the slot management and secure element driver HAL tests to the
new curve encodings. This requires SE driver code to become slightly
more clever when figuring out the bit-size of an imported EC key since
it now needs to take the data size into account.

Switch some documentation to the new encodings.

Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
2020-01-31 10:15:32 +01:00
Gilles Peskine 025fccdc32 Change the encoding of EC curves and DH groups to include the size
Change the representation of psa_ecc_curve_t and psa_dh_group_t from
the IETF 16-bit encoding to a custom 24-bit encoding where the upper 8
bits represent a curve family and the lower 16 bits are the key size
in bits. Families are based on naming and mathematical similarity,
with sufficiently precise families that no two curves in a family have
the same bit size (for example SECP-R1 and SECP-R2 are two different
families).

As a consequence, the lower 16 bits of a key type value are always
either the key size or 0.
2020-01-31 10:15:32 +01:00
Gilles Peskine d8197cb902 mbedtls_psa_parse_tls_ecc_group: make no assumption on PSA encodings
Don't assume that the PSA encoding of elliptic curves is identical to
the TLS encoding. This is currently true but about to change.

The new implementation only works when MBEDTLS_ECP_C is defined. This
is ok because the function is only used with MBEDTLS_ECP_C defined.
2020-01-31 10:15:32 +01:00
Gilles Peskine fc2459db13 Remove mbedtls_psa_translate_ecc_group
Internally, use the corresponding function from psa_crypto.c instead.
Externally, this function is not used in Mbed TLS and is documented as
"may change at any time".
2020-01-31 10:15:32 +01:00
Gilles Peskine 5055b239bf Expose mbedtls/psa curve identifier conversions from psa_crypto.c 2020-01-31 10:15:32 +01:00
Gilles Peskine 2eea95cb5d Extract the block size from the key type encoding 2020-01-31 10:15:32 +01:00
Gilles Peskine 7bfcfac164 Change key type encodings to avoid bit 16
Key types are now encoded through a category in the upper 4 bits (bits
28-31) and a type-within-category in the next 11 bits (bits 17-27),
with bit 16 unused and bits 0-15 only used for the EC curve or DH
group.

For symmetric keys, bits 20-22 encode the block size (0x0=stream,
0x3=8B, 0x4=16B).
2020-01-31 10:15:32 +01:00
Gilles Peskine 8fe6e0de3a Symmetric key types only use the upper 16 bits of psa_key_type_t
Change the numerical encoding of values for symmetric key types to
have 0000 as the lower 16 bits. Now the lower 16 bits are only used
for key types that have a subtype (EC curve or DH group).
2020-01-31 10:15:32 +01:00
Gilles Peskine 13faa2d920 Don't declare a parameter as const
An earlier commit fixed this for psa_hash_compare. psa_mac_verify had
the same flaw.
2020-01-30 16:32:21 +01:00
Gilles Peskine fa710f5c6a Don't declare a parameter as const
Whether a parameter should be const is an implementation detail of the
function, so don't declare a parameter of psa_hash_compare as
const. (This only applies to parameters themselves, not to objects
that pointer parameters points to.)
2020-01-30 12:27:14 +01:00
Manuel Pégourié-Gonnard f712e163b0
Merge pull request #179 from mpg/sha512-no-sha384
Add option to build SHA-512 without SHA-384
2020-01-30 10:32:20 +01:00
Andres Amaya Garcia 835b299e5e Fix wording of deprecated docs for SSL2 and SSL3 features 2020-01-30 10:16:15 +01:00
Andres Amaya Garcia e58532e1db Favour DEPRECATED_REMOVED over DEPRECATED_WARNING 2020-01-30 10:16:15 +01:00
Andres Amaya Garcia 88c2cc7213 Deprecate MBEDTLS_SSL_PROTO_SSL3 2020-01-30 10:16:15 +01:00
Andres Amaya Garcia 09634248cb Deprecate MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 2020-01-30 10:16:13 +01:00
Manuel Pégourié-Gonnard d020bfc396
Merge pull request #2949 from zfields/patch-1
[cmake] Propagate public headers
2020-01-30 09:53:16 +01:00
Gilles Peskine 907e95aa20 Clarify that what we're dropping is pkcs11-helper support
The PKCS11 module does not directly interface with PKCS#11 (also known
as Cryptoki), but with the pkcs11-helper library.
2020-01-29 09:40:32 +01:00
Andres Amaya Garcia 312431b398 Fix typo in doxy docs for ssl_pkcs11_sign() 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia b37268d916 Add missing docs to PKCS#11 public funcs 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia 9fc82efc6c Wrap PKCS1 module with DEPRECATED_REMOVED 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia 99fc3876ed Fix deprecated docs for PKCS1 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia 0d6e108b13 Deprecate MBEDTLS_PKCS11_C functions 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia be3a4406d2 Deprecate MBEDTLS_PKCS11_C feature 2020-01-29 09:38:31 +01:00
Manuel Pégourié-Gonnard 3a3b5c7827 Improve doxygen formatting 2020-01-24 10:57:25 +01:00
Janos Follath 2e9f108fbd Bump version to Mbed TLS 2.20.0 2020-01-21 14:08:26 +00:00
Janos Follath 83f33d33eb Bump version to Mbed TLS 2.20.0 2020-01-20 14:52:29 +00:00
Janos Follath d27a88438f Merge branch 'development' into development-restricted 2020-01-15 15:55:11 +00:00
Jaeden Amero a15c71374b ctr_drbg: Clarify reseed_counter values before seeding
Before the initial seeding, reseed_counter used to always be 0. Now, the
value depends on whether or not the user has explicitly set the amount
of data to get from the nonce (via e.g.
mbedtls_ctr_drbg_set_nonce_len()). Add comments to clarify the possible
values reseed_counter can have before the initial seeding.
2020-01-09 13:48:52 +00:00
Manuel Pégourié-Gonnard 1e6fb01448 Make SHA512_NO_SHA384 depend on SHA512_C 2020-01-07 11:00:34 +01:00
Manuel Pégourié-Gonnard 663ee2019a Clarify documentation on is384. 2020-01-07 10:11:22 +01:00
Manuel Pégourié-Gonnard d602084cde Implement NO_SHA384 in MD layer and PSA 2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard 3df4e60561 Implement SHA512_NO_SHA384 in sha512 module
Saves 140 bytes on sha512.o, measured with:

arm-none-eabi-gcc -Wall -Wextra -Iinclude -Os -mcpu=cortex-m0plus -mthumb -c library/sha512.c && arm-none-eabi-size sha512.o

arm-none-eabi-gcc (GNU Tools for Arm Embedded Processors 7-2018-q2-update) 7.3.1 20180622 (release) [ARM/embedded-7-branch revision 261907]

Todo:
- fix selftest
- fix dependencies in test suites
- implement in MD layer
2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard ad6cb11461 Declare new config.h option MBEDTLS_SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
Jaeden Amero 795c6bab62
Merge pull request #323 from yanesca/iotcrypt-942-initialise-return-values
Initialise return values to an error
2019-12-19 10:24:22 +00:00
Janos Follath 2d20567122 Add two error codes to the Error module
One of the error codes was already reserved, this commit just makes it
explicit. The other one is a new error code for initializing return
values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should
not be returned by the library. If it is returned, then it is surely a
bug in the library or somebody is tampering with the device.
2019-12-16 15:15:16 +00:00
Janos Follath ab534cfd62 Fix number of allocated errors in Platform 2019-12-12 14:34:30 +00:00
Janos Follath 9c2ccd2e7a Fix error code range in documentation 2019-12-12 14:24:46 +00:00
Gilles Peskine 46c33801f3 Remove unused macros 2019-12-12 09:00:27 +01:00
Gilles Peskine f8210f2bd5 Test the block size for symmetric keys
Also insist on their category.

Fix a missing implementation of PSA_BLOCK_CIPHER_BLOCK_SIZE for
ChaCha20.
2019-12-12 09:00:27 +01:00
Gilles Peskine 81f7909497
Merge pull request #325 from gilles-peskine-arm/psa-sign_hash
Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash
2019-12-06 10:10:14 +01:00
Zachary J. Fields 2347a34b75
Propagate public headers
Declare include headers as `PUBLIC` to propagate to project consumers
2019-12-03 16:19:53 -06:00
Janos Follath 60f6b64b8f Add two error codes to the Error module
One of the error codes was already reserved, this commit just makes it
explicit. The other one is a new error code for initializing return
values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should
not be returned by the library. If it is returned, then it is surely a
bug in the library or somebody is tampering with the device.
2019-12-03 16:01:06 +00:00
Janos Follath d11550e11d Fix number of allocated errors in Platform 2019-12-03 16:01:06 +00:00
Gilles Peskine 1a60fa1e3a
Merge pull request #328 from gilles-peskine-arm/psa-ecdsa_deterministic_flag
Remove dependency of crypto_values.h on crypto_extra.h
2019-11-29 18:41:55 +01:00
Gilles Peskine 0168f2f2c1 Better documentation in crypto_compat.h
Note that the identifiers declared in this header are deprecated.

Indicate what API version identifiers were from.
2019-11-29 12:23:46 +01:00
Gilles Peskine 972630e240 Remove dependency of crypto_values.h on crypto_extra.h
Define PSA_ALG_ECDSA_DETERMINISTIC_FLAG in crypto_values.h.

This is necessary for the current PSA API specification processing
scripts.
2019-11-29 11:55:48 +01:00
Gilles Peskine 7bb1a7e0bf
Merge pull request #307 from msopiha-linaro/development
Add ASN.1 ENUMERATED tag support
2019-11-28 10:20:18 +01:00
Gilles Peskine 4151094a52 Add backward compatibility aliases for signature-related identifiers
Define deprecated aliases for identifiers that are being renamed.
2019-11-26 19:08:55 +01:00
Gilles Peskine 89d8c5c447 Rename some signature-related identifiers
Rename some macros and functions related to signature which are
changing as part of the addition of psa_sign_message and
psa_verify_message.

perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
2019-11-26 18:20:59 +01:00
Gilles Peskine 7b0ab6d34a Simplify support for deprecated constants of various types
Generalize MBEDTLS_DEPRECATED_NUMERIC_CONSTANT into macros that can
accommodate types other than int.
2019-11-26 18:20:58 +01:00
Gilles Peskine 7a894f2142 Move backward compatibility aliases to their own header
Move backward compatibility aliases to a separate header. Reserve
crypto_extra.h for implementation-specific extensions that we intend
to keep supporting.

This is better documentation for users. New users should simply ignore
backward compatibility aliases, and old users can look at
crypto_compat.h to see what is deprecated without bothering about new
features appearing in crypto_extra.h.

This facilitates maintenance because scripts such as
generate_psa_constants that want to ignore backward compability
aliases can simply exclude crypto_compat.h from their parsing.
2019-11-26 18:20:58 +01:00
Gilles Peskine 87ef0c24af Merge branch 'development' into development-restricted 2019-11-20 20:09:34 +01:00
Gilles Peskine 9afbfdc833 Merge remote-tracking branch 'myfork-public/development' into merge-crypto-development-20191115
First deal with deleted files.

* Files deleted by us: keep them deleted.
* Files deleted by them, whether modified by us or not: keep our version.

```
git rm $(git status -s | sed -n 's/^DU //p')
git reset -- $(git status -s | sed -n 's/^D  //p')
git checkout -- $(git status -s | sed -n 's/^ D //p')
git add -- $(git status -s | sed -n 's/^UD //p')
```

Individual files with conflicts:

* `3rdparty/everest/library/Hacl_Curve25519_joined.c`: spurious conflict because git mistakenly identified this file as a rename. Keep our version.
* `README.md`: conflict due to their change in a paragraph that doesn't exist in our version. Keep our version of this paragraph.
* `docs/architecture/Makefile`: near-identical additions. Adapt the definition of `all_markdown` and include the clean target.
* `doxygen/input/docs_mainpage.h`: conflict in the version number. Keep our version number.
* `include/mbedtls/config.h`: two delete/modify conflicts. Keep the removed chunks out.
* `library/CMakeLists.txt`: discard all their changes as they are not relevant.
* `library/Makefile`:
    * Discard the added chunk about the crypto submodule starting with `INCLUDING_FROM_MBEDTLS:=1`.
    * delete/modify: keep the removed chunk out.
    * library build: This is almost delete/modify. Their changes are mostly not applicable. Do keep the `libmbedcrypto.$(DLEXT): | libmbedcrypto.a` order dependency.
    * `.c.o`: `-o` was added on both sides but in a different place. Change to their place.
* `library/error.c`: to be regenerated.
* `library/version_features.c`: to be regenerated.
* `programs/Makefile`: Most of the changes are not relevant. The one relevant change is in the `clean` target for Windows; adapt it by removing `/S` from our version.
* `programs/test/query_config.c`: to be regenerated.
* `scripts/config.py`: added in parallel on both sides. Keep our version.
* `scripts/footprint.sh`: parallel changes. Keep our version.
* `scripts/generate_visualc_files.pl`: one delete/modify conflict. Keep the removed chunks out.
* `tests/Makefile`: discard all of their changes.
* `tests/scripts/all.sh`:
    * `pre_initialize_variables` add `append_outcome`: add it.
    * `pre_initialize_variables` add `ASAN_CFLAGS`: already there, keep our version.
    * `pre_parse_command_line` add `--no-append-outcome`: add it.
    * `pre_parse_command_line` add `--outcome-file`: add it.
    * `pre_print_configuration`: add `MBEDTLS_TEST_OUTCOME_FILE`.
    * Several changes in SSL-specific components: keep our version without them.
    * Several changes where `config.pl` was changed to `config.py` and there was an adjacent difference: keep our version.
    * Changes regarding the inclusion of `MBEDTLS_MEMORY_xxx`: ignore them here, they will be normalized in a subsequent commit.
    * `component_test_full_cmake_gcc_asan`: add it without the TLS tests.
    * `component_test_no_use_psa_crypto_full_cmake_asan`: keep the fixed `msg`, discard other changes.
    * `component_test_memory_buffer_allocator_backtrace`, `component_test_memory_buffer_allocator`: add them without the TLS tests.
    * `component_test_m32_everest`: added in parallel on both sides. Keep our version.
* `tests/scripts/check-names.sh`, `tests/scripts/list-enum-consts.pl`, `tests/scripts/list-identifiers.sh`, ``tests/scripts/list-macros.sh`: discard all of their changes.
* `tests/scripts/test-ref-configs.pl`: the change in the conflict is not relevant, so keep our version there.
* `visualc/VS2010/*.vcxproj`: to be regenerated.

Regenerate files:

```
scripts/generate_visualc_files.pl
git add visualc/VS2010/*.vcxproj
scripts/generate_errors.pl
git add library/error.c
scripts/generate_features.pl
git add library/version_features.c
scripts/generate_query_config.pl
git add programs/test/query_config.c
```

Rejected changes in non-conflicting files:

* `CMakeLists.txt`: discard their addition which has already been side-ported.
* `doxygen/mbedtls.doxyfile`: keep the version number change. Discard the changes related to `../crypto` paths.

Keep the following changes after examination:

* `.travis.yml`: all of their changes are relevant.
* `include/mbedtls/error.h`: do keep their changes. Even though Crypto doesn't use TLS errors, it must not encroach on TLS's allocated numbers.
* `tests/scripts/check-test-cases.py`: keep the code dealing with `ssl-opt.sh`. It works correctly when the file is not present.
2019-11-15 11:47:14 +01:00
Gilles Peskine 3bdd412d09 Invoke config.py instead of config.pl
git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g'

Also:
* Change one comment in include/mbedtls/check_config.h.
* Change PERL to PYTHON in CMakeLists.txt.
2019-11-13 14:33:33 +00:00
Gilles Peskine 73a1f377f0 Add documentation notes about the required size of the signature buffers 2019-11-13 12:15:35 +01:00
k-stachowiak ff25af2c15 Add missing MBEDTLS_ECP_C dependencies in check_config.h 2019-11-13 12:15:35 +01:00
Gilles Peskine f0d87001d0
Merge pull request #315 from gilles-peskine-arm/pk_signature_max_size
Define MBEDTLS_PK_SIGNATURE_MAX_SIZE
2019-11-13 12:13:57 +01:00
Gilles Peskine 9db14fa478 Update the documentation of mbedtls_pk_sign_restartable()
Clarify the documentation regarding the signature size.

Also fix minor niggles about references to mbedtls_pk_sign().
2019-11-13 10:57:59 +01:00
Gilles Peskine 5460565be4 Fix errors in the definition of MBEDTLS_PK_SIGNATURE_MAX_SIZE
The initial value for the max calculation needs to be 0. The fallback
needs to come last. With the old code, the value was never smaller
than the fallback.

For RSA_ALT, use MPI_MAX_SIZE. Only use this if RSA_ALT is enabled.

For PSA, check PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE, and separately check
the special case of ECDSA where PSA and mbedtls have different
representations for the signature.
2019-11-13 10:57:59 +01:00
Gilles Peskine cb0101ff33
Merge pull request #298 from gilles-peskine-arm/config-symmetric-only
Test a build without any asymmetric cryptography
2019-11-12 19:37:13 +01:00
Gilles Peskine 2975571ff5 Fix ECDSA case in PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE was taking the maximum ECDSA key
size as the ECDSA signature size. Fix it to use the actual maximum
size of an ECDSA signature.
2019-11-12 13:21:53 +01:00
Gilles Peskine b22a24b23f Fix MBEDTLS_PK_SIGNATURE_MAX_SIZE to account for ECDSA
The original definition of MBEDTLS_PK_SIGNATURE_MAX_SIZE only took RSA
into account. An ECDSA signature may be larger than the maximum
possible RSA signature size, depending on build options; for example
this is the case with config-suite-b.h.
2019-11-12 13:21:53 +01:00
Gilles Peskine da252bed3c Define a constant for the maximum signature size from pk_sign()
Based on the buffer size used in the pk_sign sample program, this is
MBEDTLS_MPI_MAX_SIZE.
2019-11-05 16:27:27 +01:00