d29e13eb1b
tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
2a87e9bf83
tls: Align set and usage check for PSK
...
Check that the identity length is not
zero in ssl_conf_set_psk_identity()
as it is done in
mbedtls_ssl_conf_has_static_psk().
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
fa1e04a7c4
tls13: keys: Fix PSK build only case
...
When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
9a6a49c7cb
tls13: keys: Fail if the group type is not ECDHE or DHE
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
b15d4d8966
tls13: keys: Fix error code
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
3b056202d3
tls13: keys: Do not use handshake->premaster
...
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.
Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.
Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
4c7edb2b9b
tls13: keys: Fix indentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
831fee68c3
tls13: keys: Avoid input buffer copy
...
In mbedtls_ssl_tls13_evolve_secret() avoid
to copy the input buffer into a local buffer
as the copy is avoidable.
This also fixes a potential overflow as the
size of the local buffer was not checked when
copying into it.
With the current calls to mbedtls_ssl_tls13_evolve_secret()
no buffer overflow was expected to happen though.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
45c6792faf
Merge pull request #6385 from AndrzejKurek/depends-py-reloaded
...
Unified tests/scripts/depends.py - reloaded
2022-10-21 10:17:58 +02:00
4281ae0bd2
Merge pull request #6373 from gilles-peskine-arm/bignum-core-conventions
...
Spell out bignum core conventions
2022-10-19 15:53:33 +02:00
db2996357c
Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum
...
Bignum: Add safe conditional assign and swap for the new MPI types
2022-10-19 15:51:19 +02:00
9387b7b34e
Add a temporary solution to create a seedfile
...
This caused problems if a config with SHA512 was
compiled after a config without it and the seedfile
did not contain enough data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:09 -04:00
c610e7402e
Formatting & unnecessary (void) fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:09 -04:00
ecb630925f
Fix constant name in ssl_tls13_keys
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:09 -04:00
e5a5cc1944
Remove the dependency of tls1_3 key evolution tests on curve25519
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:09 -04:00
eabeb30c65
Fix SHA512 vs SHA384 dependencies
...
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:09 -04:00
c19fb08dd3
Add missing ECDH dependency in tls 1.3 client
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:08 -04:00
68327748d3
Add missing dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:08 -04:00
46a987367c
Formatting fix
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:08 -04:00
084334c8f2
Compile constant time masking and hmac if there are suites using MAC
...
This is used in TLS 1.2 authentication with NULL cipher,
when there are no TLS_CBC suites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:08 -04:00
2d59dbc032
Use TLS prf only if TLS 1.2 is compiled in
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:08 -04:00
894edde991
Add tls prf handling when there's no SHA256 or SHA384
...
Return a null prf function pointer and check for it when populating transform.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:08 -04:00
252283f2aa
Fix missing cipher mode dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:08 -04:00
8874cd570e
Merge pull request #4826 from RcColes/development
...
Add LMS implementation
2022-10-14 18:33:01 +02:00
dcd1717f5f
Forbid aliasing outputs
...
Aliasing between two outputs is hardly ever useful.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-10-14 17:15:21 +02:00
4086de667d
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-10-14 16:29:42 +02:00
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
...
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
1951259a10
Update how lms.c imports platform.h
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 16:47:13 +01:00
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check
...
Add server name check when proposing pre-share key
2022-10-13 16:00:59 +02:00
cbd02adc6e
Simplify LMS context freeing
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:30:32 +01:00
45c4ff93c9
Fix windows requiring explicit cast in LMS calloc
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:30:14 +01:00
142e577c34
Add extra zeroization to LMS and LMOTS
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:30:03 +01:00
9fc303a99a
Add extra LMOTS import negative tests
...
And fix failures that are related to the new tests
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:30:01 +01:00
4829459c90
Validate LMOTS sig length before parsing type
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:47 +01:00
285d44b180
Capitalize "Merkle" in LMS and LMOTS code
...
As it is a proper noun
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:43 +01:00
faf59babe8
Make LMS verification return VERIFY_FAILED more
...
To align with PSA error code rules on when VERIFY_FAILED is returned vs
INVALID_ARGUMENT
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:42 +01:00
fbd60ec775
Change LMS and LMOTS init functions to use memset
...
Instead of zeroize
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:40 +01:00
9b0daf60fb
Improve LMS private function warning
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:38 +01:00
f6cb5a4826
Fix LMS return statements having incorrect style
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:35 +01:00
75b4c7790e
Fix LMS internal function documentation
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:34 +01:00
d48f7e90bb
Allocate LMS C_RANDOM_VALUE as hash size
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:32 +01:00
1fb2f32ef5
Check LMS offsets are sane at runtime
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:31 +01:00
e34e3c0e59
Remove unneeded cast in LMS calloc
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:30 +01:00
370cc43630
Make LMS public key export part of public key api
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:28 +01:00
e89488debf
Fix bug in LMS public key loading
...
To avoid using the type before it is parsed from the signature
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:27 +01:00
3f6cdd7aab
Fix LMS not checking RNG function return value
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:24 +01:00
02cf8234b4
Fix ots sig length check in LMS validate function
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:22 +01:00
f36874a535
Fix error type of lms_import_public_key
...
Was returning an incorrect error when bad public key sizes were input
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:21 +01:00
dc8fb79e09
Simplify LMS private key generation error handling
...
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:20 +01:00
be3bdd8240
Rename LMS and LMOTS init/free functions
...
To match convention
Signed-off-by: Raef Coles <raef.coles@arm.com >
2022-10-13 14:29:18 +01:00
