lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge branch 'development' into mbedtls_private_with_python

Browse Source 
Conflicts:
         include/mbedtls/ecp.h

Conflict resolved by using the code from development branch
and manually applying the MBEDTLS_PRIVATE wrapping.
This commit is contained in:
Mateusz Starzyk
2021-06-07 09:49:01 +02:00
parent e7dce558c9 0c1a42a147
commit 854a25c7a4
74 changed files with 6356 additions and 1047 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
include/mbedtls/bignum.h
View File

@ -872,6 +872,44 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Generate a random number uniformly in a range.
*
* This function generates a random number between \p min inclusive and
* \p N exclusive.
*
* The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
* when the RNG is a suitably parametrized instance of HMAC_DRBG
* and \p min is \c 1.
*
* \note There are `N - min` possible outputs. The lower bound
* \p min can be reached, but the upper bound \p N cannot.
*
* \param X The destination MPI. This must point to an initialized MPI.
* \param min The minimum value to return.
* It must be nonnegative.
* \param N The upper bound of the range, exclusive.
* In other words, this is one plus the maximum value to return.
* \p N must be strictly larger than \p min.
* \param f_rng The RNG function to use. This must not be \c NULL.
* \param p_rng The RNG parameter to be passed to \p f_rng.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
* or if they are incompatible.
* \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
* unable to find a suitable value within a limited number
* of attempts. This has a negligible probability if \p N
* is significantly larger than \p min, which is the case
* for all usual cryptographic applications.
* \return Another negative error code on failure.
*/
int mbedtls_mpi_random( mbedtls_mpi *X,
mbedtls_mpi_sint min,
const mbedtls_mpi *N,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/**
* \brief Compute the greatest common divisor: G = gcd(A, B)
*

235
include/mbedtls/ccm.h
View File

@ -56,6 +56,11 @@
#include "mbedtls/cipher.h"
#define MBEDTLS_CCM_DECRYPT 0
#define MBEDTLS_CCM_ENCRYPT 1
#define MBEDTLS_CCM_STAR_DECRYPT 2
#define MBEDTLS_CCM_STAR_ENCRYPT 3
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
@ -134,10 +139,10 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. If \p add_len is greater than
* zero, \p add must be a readable buffer of at least that
* \param ad The additional data field. If \p ad_len is greater than
* zero, \p ad must be a readable buffer of at least that
* length.
* \param add_len The length of additional data in Bytes.
* \param ad_len The length of additional data in Bytes.
* This must be less than `2^16 - 2^8`.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
@ -155,7 +160,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
*/
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
@ -180,9 +185,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. This must be a readable buffer of
* at least \p add_len Bytes.
* \param add_len The length of additional data in Bytes.
* \param ad The additional data field. This must be a readable buffer of
* at least \p ad_len Bytes.
* \param ad_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
@ -203,7 +208,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
*/
int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
@ -219,9 +224,9 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. This must be a readable buffer
* of at least that \p add_len Bytes..
* \param add_len The length of additional data in Bytes.
* \param ad The additional data field. This must be a readable buffer
* of at least that \p ad_len Bytes..
* \param ad_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
@ -240,7 +245,7 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
*/
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
@ -261,9 +266,9 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. This must be a readable buffer of
* at least that \p add_len Bytes.
* \param add_len The length of additional data in Bytes.
* \param ad The additional data field. This must be a readable buffer of
* at least that \p ad_len Bytes.
* \param ad_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
@ -285,10 +290,208 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
*/
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
/**
* \brief This function starts a CCM encryption or decryption
* operation.
*
* This function and mbedtls_ccm_set_lengths() must be called
* before calling mbedtls_ccm_update_ad() or
* mbedtls_ccm_update(). This function can be called before
* or after mbedtls_ccm_set_lengths().
*
* \note This function is not implemented in Mbed TLS yet.
*
* \param ctx The CCM context. This must be initialized.
* \param mode The operation to perform: #MBEDTLS_CCM_ENCRYPT or
* #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or
* #MBEDTLS_CCM_STAR_DECRYPT.
* \param iv The initialization vector. This must be a readable buffer
* of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
* \p ctx is in an invalid state,
* \p mode is invalid,
* \p iv_len is invalid (lower than \c 7 or greater than
* \c 13).
*/
int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
int mode,
const unsigned char *iv,
size_t iv_len );
/**
* \brief This function declares the lengths of the message
* and additional data for a CCM encryption or decryption
* operation.
*
* This function and mbedtls_ccm_starts() must be called
* before calling mbedtls_ccm_update_ad() or
* mbedtls_ccm_update(). This function can be called before
* or after mbedtls_ccm_starts().
*
* \note This function is not implemented in Mbed TLS yet.
*
* \param ctx The CCM context. This must be initialized.
* \param total_ad_len The total length of additional data in bytes.
* This must be less than `2^16 - 2^8`.
* \param plaintext_len The length in bytes of the plaintext to encrypt or
* result of the decryption (thus not encompassing the
* additional data that are not encrypted).
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
* \p ctx is in an invalid state,
* \p total_ad_len is greater than \c 0xFF00.
*/
int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
size_t total_ad_len,
size_t plaintext_len );
/**
* \brief This function feeds an input buffer as associated data
* (authenticated but not encrypted data) in a CCM
* encryption or decryption operation.
*
* You may call this function zero, one or more times
* to pass successive parts of the additional data. The
* lengths \p ad_len of the data parts should eventually add
* up exactly to the total length of additional data
* \c total_ad_len passed to mbedtls_ccm_set_lengths(). You
* may not call this function after calling
* mbedtls_ccm_update().
*
* \note This function is not implemented in Mbed TLS yet.
*
* \param ctx The CCM context. This must have been started with
* mbedtls_ccm_starts(), the lengths of the message and
* additional data must have been declared with
* mbedtls_ccm_set_lengths() and this must not have yet
* received any input with mbedtls_ccm_update().
* \param ad The buffer holding the additional data, or \c NULL
* if \p ad_len is \c 0.
* \param ad_len The length of the additional data. If \c 0,
* \p ad may be \c NULL.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
* \p ctx is in an invalid state,
* total input length too long.
*/
int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
const unsigned char *ad,
size_t ad_len );
/**
* \brief This function feeds an input buffer into an ongoing CCM
* encryption or decryption operation.
*
* You may call this function zero, one or more times
* to pass successive parts of the input: the plaintext to
* encrypt, or the ciphertext (not including the tag) to
* decrypt. After the last part of the input, call
* mbedtls_ccm_finish(). The lengths \p input_len of the
* data parts should eventually add up exactly to the
* plaintext length \c plaintext_len passed to
* mbedtls_ccm_set_lengths().
*
* This function may produce output in one of the following
* ways:
* - Immediate output: the output length is always equal
* to the input length.
* - Buffered output: except for the last part of input data,
* the output consists of a whole number of 16-byte blocks.
* If the total input length so far (not including
* associated data) is 16 \* *B* + *A* with *A* < 16 then
* the total output length is 16 \* *B*.
* For the last part of input data, the output length is
* equal to the input length plus the number of bytes (*A*)
* buffered in the previous call to the function (if any).
* The function uses the plaintext length
* \c plaintext_len passed to mbedtls_ccm_set_lengths()
* to detect the last part of input data.
*
* In particular:
* - It is always correct to call this function with
* \p output_size >= \p input_len + 15.
* - If \p input_len is a multiple of 16 for all the calls
* to this function during an operation (not necessary for
* the last one) then it is correct to use \p output_size
* =\p input_len.
*
* \note This function is not implemented in Mbed TLS yet.
*
* \param ctx The CCM context. This must have been started with
* mbedtls_ccm_starts() and the lengths of the message and
* additional data must have been declared with
* mbedtls_ccm_set_lengths().
* \param input The buffer holding the input data. If \p input_len
* is greater than zero, this must be a readable buffer
* of at least \p input_len bytes.
* \param input_len The length of the input data in bytes.
* \param output The buffer for the output data. If \p output_size
* is greater than zero, this must be a writable buffer of
* at least \p output_size bytes.
* \param output_size The size of the output buffer in bytes.
* See the function description regarding the output size.
* \param output_len On success, \p *output_len contains the actual
* length of the output written in \p output.
* On failure, the content of \p *output_len is
* unspecified.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
* \p ctx is in an invalid state,
* total input length too long,
* or \p output_size too small.
*/
int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
const unsigned char *input, size_t input_len,
unsigned char *output, size_t output_size,
size_t *output_len );
/**
* \brief This function finishes the CCM operation and generates
* the authentication tag.
*
* It wraps up the CCM stream, and generates the
* tag. The tag can have a maximum length of 16 Bytes.
*
* \note This function is not implemented in Mbed TLS yet.
*
* \param ctx The CCM context. This must have been started with
* mbedtls_ccm_starts() and the lengths of the message and
* additional data must have been declared with
* mbedtls_ccm_set_lengths().
* \param tag The buffer for holding the tag. If \p tag_len is greater
* than zero, this must be a writable buffer of at least \p
* tag_len Bytes.
* \param tag_len The length of the tag to generate in Bytes:
* 4, 6, 8, 10, 12, 14 or 16.
* For CCM*, zero is also valid.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
* \p ctx is in an invalid state,
* invalid value of \p tag_len,
* the total amount of additional data passed to
* mbedtls_ccm_update_ad() was lower than the total length of
* additional data \c total_ad_len passed to
* mbedtls_ccm_set_lengths(),
* the total amount of input data passed to
* mbedtls_ccm_update() was lower than the plaintext length
* \c plaintext_len passed to mbedtls_ccm_set_lengths().
*/
int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
unsigned char *tag, size_t tag_len );
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**
* \brief The CCM checkup routine.

18
include/mbedtls/check_config.h
View File

@ -130,16 +130,6 @@
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
! defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
#error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT"
#endif
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) && \
defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but MBEDTLS_ECDH_LEGACY_CONTEXT not disabled"
#endif
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
@ -836,6 +826,14 @@
#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
#endif
#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
#endif
#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
#endif
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the

46
include/mbedtls/cipher.h
View File

@ -438,10 +438,23 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
/**
* \brief This function initializes a cipher context for
* \brief This function prepares a cipher context for
* use with the given cipher primitive.
*
* \param ctx The context to initialize. This must be initialized.
* \note After calling this function, you should call
* mbedtls_cipher_setkey() and, if the mode uses padding,
* mbedtls_cipher_set_padding_mode(), then for each
* message to encrypt or decrypt with this key, either:
* - mbedtls_cipher_crypt() for one-shot processing with
* non-AEAD modes;
* - mbedtls_cipher_auth_encrypt_ext() or
* mbedtls_cipher_auth_decrypt_ext() for one-shot
* processing with AEAD modes or NIST_KW;
* - for multi-part processing, see the documentation of
* mbedtls_cipher_reset().
*
* \param ctx The context to prepare. This must be initialized by
* a call to mbedtls_cipher_init() first.
* \param cipher_info The cipher to use.
*
* \return \c 0 on success.
@ -449,10 +462,6 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
*
* \internal Currently, the function also clears the structure.
* In future versions, the caller will be required to call
* mbedtls_cipher_init() on the structure first.
*/
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info );
@ -688,7 +697,30 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
/**
* \brief This function resets the cipher state.
*
* \param ctx The generic cipher context. This must be initialized.
* \note With non-AEAD ciphers, the order of calls for each message
* is as follows:
* 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
* 2. mbedtls_cipher_reset()
* 3. mbedtls_cipher_update() one or more times
* 4. mbedtls_cipher_finish()
* .
* This sequence can be repeated to encrypt or decrypt multiple
* messages with the same key.
*
* \note With AEAD ciphers, the order of calls for each message
* is as follows:
* 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
* 2. mbedtls_cipher_reset()
* 3. mbedtls_cipher_update_ad()
* 4. mbedtls_cipher_update() one or more times
* 5. mbedtls_cipher_finish()
* 6. mbedtls_cipher_check_tag() (for decryption) or
* mbedtls_cipher_write_tag() (for encryption).
* .
* This sequence can be repeated to encrypt or decrypt multiple
* messages with the same key.
*
* \param ctx The generic cipher context. This must be bound to a key.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on

107
include/mbedtls/config.h
View File

@ -682,26 +682,6 @@
*/
//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
/**
* \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
*
* Remove 3DES ciphersuites by default in SSL / TLS.
* This flag removes the ciphersuites based on 3DES from the default list as
* returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible
* to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
* them explicitly.
*
* A man-in-the-browser attacker can recover authentication tokens sent through
* a TLS connection using a 3DES based cipher suite (see "On the Practical
* (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
* Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
* in your threat model or you are unsure, then you should keep this option
* enabled to remove 3DES based cipher suites.
*
* Comment this macro to keep 3DES in the default ciphersuite list.
*/
#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
@ -779,39 +759,10 @@
*
* \note This option only works with the default software implementation of
* elliptic curve functionality. It is incompatible with
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
* and MBEDTLS_ECDH_LEGACY_CONTEXT.
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
*/
//#define MBEDTLS_ECP_RESTARTABLE
/**
* \def MBEDTLS_ECDH_LEGACY_CONTEXT
*
* Use a backward compatible ECDH context.
*
* Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
* defined in `ecdh.h`). For most applications, the choice of format makes
* no difference, since all library functions can work with either format,
* except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
* The new format used when this option is disabled is smaller
* (56 bytes on a 32-bit platform). In future versions of the library, it
* will support alternative implementations of ECDH operations.
* The new format is incompatible with applications that access
* context fields directly and with restartable ECP operations.
*
* Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
* want to access ECDH context fields directly. Otherwise you should
* comment out this macro definition.
*
* This option has no effect if #MBEDTLS_ECDH_C is not enabled.
*
* \note This configuration option is experimental. Future versions of the
* library may modify the way the ECDH context layout is configured
* and may modify the layout of the new context type.
*/
#define MBEDTLS_ECDH_LEGACY_CONTEXT
/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
*
@ -843,7 +794,6 @@
* MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@ -866,7 +816,6 @@
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
*
* \warning Using DHE constitutes a security risk as it
* is not possible to validate custom DH parameters.
@ -892,7 +841,6 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@ -916,7 +864,6 @@
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@ -942,7 +889,6 @@
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@ -968,7 +914,6 @@
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*
* \warning Using DHE constitutes a security risk as it
* is not possible to validate custom DH parameters.
@ -999,7 +944,6 @@
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@ -1022,7 +966,6 @@
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@ -1035,7 +978,6 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
@ -1058,7 +1000,6 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
@ -1938,16 +1879,6 @@
*/
#define MBEDTLS_VERSION_FEATURES
/**
* \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
*
* If set, the X509 parser will not break-off when parsing an X509 certificate
* and encountering an extension in a v1 or v2 certificate.
*
* Uncomment to prevent an error.
*/
//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
/**
* \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
@ -2422,19 +2353,6 @@
* Caller: library/pem.c
* library/cipher.c
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*
* \warning DES is considered a weak cipher and its use constitutes a
@ -3486,27 +3404,10 @@
*/
//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
*
* This option controls the use of record plaintext padding
* when using the Connection ID extension in DTLS 1.2.
*
* The padding will always be chosen so that the length of the
* padded plaintext is a multiple of the value of this option.
*
* Note: A value of \c 1 means that no padding will be used
* for outgoing records.
*
* Note: On systems lacking division instructions,
* a power of two should be preferred.
*
*/
//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
/** \def MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY
*
* This option controls the use of record plaintext padding
* in TLS 1.3.
* in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
*
* The padding will always be chosen so that the length of the
* padded plaintext is a multiple of the value of this option.
@ -3517,7 +3418,7 @@
* Note: On systems lacking division instructions,
* a power of two should be preferred.
*/
//#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
*

32
include/mbedtls/config_psa.h
View File

@ -38,6 +38,30 @@
extern "C" {
#endif
/****************************************************************/
/* De facto synonyms */
/****************************************************************/
#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
#endif
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
#endif
/****************************************************************/
/* Require built-in implementations based on PSA requirements */
/****************************************************************/
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
@ -497,6 +521,12 @@ extern "C" {
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
#endif /* PSA_WANT_ECC_SECP_K1_256 */
/****************************************************************/
/* Infer PSA requirements from Mbed TLS capabilities */
/****************************************************************/
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
/*
@ -522,6 +552,7 @@ extern "C" {
#if defined(MBEDTLS_ECDSA_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA_ANY 1
// Only add in DETERMINISTIC support if ECDSA is also enabled
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
@ -586,6 +617,7 @@ extern "C" {
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
#endif /* MBEDTLSS_PKCS1_V15 */
#if defined(MBEDTLS_PKCS1_V21)
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1

19
include/mbedtls/ecdh.h
View File

@ -41,6 +41,25 @@
#include "mbedtls/ecp.h"
/*
* Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
* defined in `ecdh.h`). For most applications, the choice of format makes
* no difference, since all library functions can work with either format,
* except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
* The new format used when this option is disabled is smaller
* (56 bytes on a 32-bit platform). In future versions of the library, it
* will support alternative implementations of ECDH operations.
* The new format is incompatible with applications that access
* context fields directly and with restartable ECP operations.
*/
#if defined(MBEDTLS_ECP_RESTARTABLE)
#define MBEDTLS_ECDH_LEGACY_CONTEXT
#else
#undef MBEDTLS_ECDH_LEGACY_CONTEXT
#endif
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
#undef MBEDTLS_ECDH_LEGACY_CONTEXT
#include "everest/everest.h"

9
include/mbedtls/ecp.h
View File

@ -230,7 +230,7 @@ typedef struct mbedtls_ecp_group
int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
size_t MBEDTLS_PRIVATE(T_size); /*!< The number of pre-computed points. */
size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
}
mbedtls_ecp_group;
@ -277,15 +277,16 @@ mbedtls_ecp_group;
#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
/*
* Trade memory for speed on fixed-point multiplication.
* Trade code size for speed on fixed-point multiplication.
*
* This speeds up repeated multiplication of the generator (that is, the
* multiplication in ECDSA signatures, and half of the multiplications in
* ECDSA verification and ECDHE) by a factor roughly 3 to 4.
*
* The cost is increasing EC peak memory usage by a factor roughly 2.
* For each n-bit Short Weierstrass curve that is enabled, this adds 4n bytes
* of code size if n < 384 and 8n otherwise.
*
* Change this value to 0 to reduce peak memory usage.
* Change this value to 0 to reduce code size.
*/
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */

1
include/mbedtls/oid.h
View File

@ -146,6 +146,7 @@
#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
/*

50
include/mbedtls/ssl.h
View File

@ -258,12 +258,8 @@
#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
#endif
#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
#endif
#if !defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY)
#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
/* \} name SECTION: Module settings */
@ -2713,8 +2709,14 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/**
* \brief Configure a pre-shared key (PSK) and identity
* to be used in PSK-based ciphersuites.
* \brief Configure pre-shared keys (PSKs) and their
* identities to be used in PSK-based ciphersuites.
*
* Only one PSK can be registered, through either
* mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
* If you attempt to register more than one PSK, this function
* fails, though this may change in future versions, which
* may add support for multiple PSKs.
*
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
@ -2722,13 +2724,6 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
* \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
* takes precedence over a PSK configured by this function.
*
* \warning Currently, clients can only register a single pre-shared key.
* Calling this function or mbedtls_ssl_conf_psk_opaque() more
* than once will overwrite values configured in previous calls.
* Support for setting multiple PSKs on clients and selecting
* one based on the identity hint is not a planned feature,
* but feedback is welcomed.
*
* \param conf The SSL configuration to register the PSK with.
* \param psk The pointer to the pre-shared key to use.
* \param psk_len The length of the pre-shared key in bytes.
@ -2741,7 +2736,9 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
* of the SSL configuration.
*
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
* can be configured. In this case, the old PSK(s) remain intact.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
const unsigned char *psk, size_t psk_len,
@ -2749,8 +2746,14 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Configure an opaque pre-shared key (PSK) and identity
* to be used in PSK-based ciphersuites.
* \brief Configure one or more opaque pre-shared keys (PSKs) and
* their identities to be used in PSK-based ciphersuites.
*
* Only one PSK can be registered, through either
* mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
* If you attempt to register more than one PSK, this function
* fails, though this may change in future versions, which
* may add support for multiple PSKs.
*
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
@ -2759,13 +2762,6 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
* the PSK callback takes precedence over an opaque PSK
* configured by this function.
*
* \warning Currently, clients can only register a single pre-shared key.
* Calling this function or mbedtls_ssl_conf_psk() more than
* once will overwrite values configured in previous calls.
* Support for setting multiple PSKs on clients and selecting
* one based on the identity hint is not a planned feature,
* but feedback is welcomed.
*
* \param conf The SSL configuration to register the PSK with.
* \param psk The identifier of the key slot holding the PSK.
* Until \p conf is destroyed or this function is successfully
@ -2782,7 +2778,9 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
* SSL configuration.
*
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
* can be configured. In this case, the old PSK(s) remain intact.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
psa_key_id_t psk,

12
include/mbedtls/ssl_ciphersuites.h
View File

@ -43,10 +43,6 @@ extern "C" {
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */
@ -69,15 +65,12 @@ extern "C" {
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
@ -115,22 +108,18 @@ extern "C" {
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
@ -152,7 +141,6 @@ extern "C" {
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037

2
include/mbedtls/x509_csr.h
View File

@ -236,6 +236,7 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
* \param ctx CSR context to use
* \param oid OID of the extension
* \param oid_len length of the OID
* \param critical Set to 1 to mark the extension as critical, 0 otherwise.
* \param val value of the extension OCTET STRING
* \param val_len length of the value data
*
@ -243,6 +244,7 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
*/
int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
const char *oid, size_t oid_len,
int critical,
const unsigned char *val, size_t val_len );
/**