Commit Graph

4431 Commits

Author SHA1 Message Date
Gilles Peskine
726652648e Document the section "General configuration options"
Replace the copypasta that was there.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 13:54:57 +02:00
Gilles Peskine
1341e21462 Fix name mismatch in section end comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 13:54:57 +02:00
Gilles Peskine
d742baa134 Format literal # in a way that doesn't confuse older Doxygen
With Doxygen 1.8.11 (as on Ubuntu 16.04), `#include` doesn't protect the
hash character enough, and Doxygen tries to link to something called
include. (Doxygen 1.8.17 doesn't have this problem.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 13:54:20 +02:00
Gilles Peskine
86198d71e3 Place MBEDTLS_CONFIG_FILE and such into a new section
Include this new section in the "full for documentation" (`realfull`)
configuration, so that these options are documented in the official
documentation build (`scripts/apidoc_full.sh`).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 13:54:20 +02:00
Gilles Peskine
7e2a91fcb6 Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to
include instead of "psa/crypto_config.h", and an additional file to include
after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 13:54:20 +02:00
Gilles Peskine
528343513c Improve documentation of MBEDTLS_PSA_CRYPTO_CONFIG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 13:51:55 +02:00
Gilles Peskine
781f734bb6 Document MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 13:51:55 +02:00
Dave Rodgman
c2d1938a0d
Merge pull request #5720 from tom-cosgrove-arm/adamwolf-reasonable-2.28
Backport 2.28: Fix spelling of 'reasonable' in comments
2022-04-11 09:47:26 +01:00
Adam Wolf
ef30d90cf0 Fix spelling of 'reasonable' in comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 17:02:33 +01:00
Andrzej Kurek
263d8f7e61 Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
The timing module might include time.h on its own when on
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled.

Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 08:34:41 -04:00
Dave Rodgman
52af769878 Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:27:24 +01:00
Daniel Axtens
301db66954 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Gilles Peskine
e2279e02ea
Merge pull request #5503 from AndrzejKurek/doxygen-duplicate-parameter-docs-2-28
Backport 2.28: doxygen: merge multiple descriptions of the same return codes
2022-02-28 17:09:49 +01:00
Gilles Peskine
e69324458a
Merge pull request #5540 from gilles-peskine-arm/check_config-chachapoly-2.28
Backport 2.28: Add check_config checks for AEAD
2022-02-28 17:07:53 +01:00
Gilles Peskine
fa21dda04a Fix indentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-15 10:59:53 +01:00
Gilles Peskine
9130b5b774 Add check_config checks for AEAD
CCM requires one of the 128-bit-block block ciphers to be useful, just like GCM.

GCM and CCM need the cipher module.

ChaChaPoly needs ChaCha20 and Poly1305.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-15 10:59:44 +01:00
Manuel Pégourié-Gonnard
298d6cc397 Add mbedtls_ssl_check_curve_tls_id() (internal)
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).

Backport of 0d63b84fa49ecb758dbec4fd7a94df59fe8367ab with a very
different implementation, as 2.28 still stores the list of allowed
groups with their mbedtls_ecp group IDs, not the IANA/TLS group IDs
(changed by https://github.com/ARMmbed/mbedtls/pull/4859/ in 3.x).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-14 13:00:32 +01:00
Andrzej Kurek
fcaef2ee4d doxygen: merge multiple descriptions of the same return codes
Organize some of the errors in a better way.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 07:54:59 -05:00
Andrzej Kurek
a16ffaf811 Add a check in check_config.h for PK_WRITE_C when RSA is enabled
This is required for importing RSA keys, as 
mbedtls_psa_rsa_export_key is used internally.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-31 09:52:33 -05:00
Andrzej Kurek
d08ed95419 Formatting: remove tabs from check_config.h
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:03:09 -05:00
Andrzej Kurek
1faa2a3c6e Add a check for MBEDTLS_PK_WRITE_C with USE_PSA_CRYPTO to check-config.h
Also force MBEDTLS_PK_WRITE_C in reduced configs using
MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PK_C and 
MBEDTLS_ECDSA_C.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:00:24 -05:00
Andrzej Kurek
fe5fb8e5d2 doxygen: remove empty platform_time configuration section
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:33:13 -05:00
Andrzej Kurek
ff632d5a3c doxygen: move addtogroup closures to include more elements
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:32:00 -05:00
Andrzej Kurek
73afe27d5d Add missing asterisk to doxygen closures
Clarify section names next to closing braces
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:31:06 -05:00
Sebastian Bøe
9db51a6e26 Add missing config check for PKCS5.
PKCS5 depends on MD, but is missing a config check resulting in
obscure errors on invalid configurations.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2022-01-19 13:26:09 +01:00
Dave Rodgman
d41dab39c5 Bump version to 2.28.0
Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:55:31 +00:00
Gilles Peskine
384b98bdae
Merge pull request #5310 from paul-elliott-arm/pkcs12_fix_2.x
Backport 2.x: Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:44 +01:00
Paul Elliott
ce22008c63 Documentation fixes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Gilles Peskine
2b3f21dc0b Catch failures of md_hmac operations
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:02:06 +01:00
Paul Elliott
a59cc3dbc7 Further documentation improvements
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:48:12 +00:00
Paul Elliott
fe724fe618 Fix for pkcs12 with NULL or zero length password
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:48:12 +00:00
Gilles Peskine
51377d8a73
Merge pull request #5280 from davidhorstmann-arm/2.x-improve-cmac-docs
Backport 2.x: Reword documentation of CMAC operations
2021-12-09 23:28:39 +01:00
Manuel Pégourié-Gonnard
c3319e73db
Merge pull request #5189 from gilles-peskine-arm/struct_reordering_2.x
Backport 2.x: Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:13 +01:00
David Horstmann
b56f38f57b Reword documentation of CMAC operations
Change the wording of the documentation for some CMAC functions,
as the existing wording, while technically correct, can be
easy to misunderstand. The reworded docs explain the flow of
a CMAC computation a little more fully.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-07 12:16:33 +00:00
Gilles Peskine
582f2398d4
Merge pull request #5167 from tom-cosgrove-arm/fix-builds-with-only-mbedtls_bignum_c-defined
Backport 2.x: Fix builds when config.h only defines MBEDTLS_BIGNUM_C
2021-12-07 12:38:04 +01:00
Antonio de Angelis
bf672336ae Align function parameter names for mbedtls_set_key_owner_id in PSA headers
static function mbedtls_set_key_owner() is declared in psa/crypto.h
and defined in psa/crypto_struct.h with different parameter name for
the  mbedtls_key_owner_id_t parameter and that may trigger errors
from static code analysis tool as cppcheck.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2021-12-01 22:43:57 +00:00
Ronald Cron
d98ec4b1e7 psa: Fix some dependencies in config_psa.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
0d5a27b195 psa: Fix Mbed TLS hash operation definition
Use PSA_BUILTIN macros instead of the Mbed TLS ones
as in the hash operation contexts the context for a
given hash is needed only if the support for it
through PSA is enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
b814bdabe4 Move to separately compiled PSA test driver library
This commit removes the test_psa_crypto_config_basic
all.sh component that can no longer work without
adapting it to the separately compiled test driver
library. This component is replaced by several
components in the following commits to test various
type of acceleration independently.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
0859fe20f6 psa: Fix hash max sizes
The PSA max hash size has to be 64 if SHA512 or
SHA384 is supported by the library or an
accelerator, not just in case of the library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Gilles Peskine
9501bd7d6e Make PSA headers more self-contained
Several files among include/psa/crypto_*.h are not meant to be included
directly, and are not guaranteed to be valid if included directly. This
makes it harder to perform some static analyses. So make these files more
self-contained so that at least, if included on their own, there is no
missing macro or type definition (excluding the deliberate use of forward
declarations of structs and unions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:34:05 +01:00
Gilles Peskine
3107b337e1
Merge pull request #5154 from gabor-mezei-arm/3649_bp2x_move_constant_time_functions_into_separate_module
[Backport 2.x] Move constant-time functions into a separate module
2021-11-24 19:33:03 +01:00
Tom Cosgrove
8100bf5d67 further improvements to sha256 docs
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2021-11-22 15:35:58 +00:00
Tom Cosgrove
bcd2f67624 doc improvements in aes and sha256 includes
- Add return value description to the docs of mbedtls_sha256
- Remove description of non-existing "mode" parameter from the docs of mbedtls_aes_crypt_ctr

Backport of #5105

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2021-11-22 15:02:29 +00:00
Gilles Peskine
e833998b58 Update comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 20:00:13 +01:00
Gilles Peskine
7f03d9ecc6 mbedtls_ssl_config: Replace bit-fields by separate bytes
This slightly increases the RAM consumption per context, but saves code
size on architectures with an instruction for direct byte access (which is
most of them).

Although this is technically an API break, in practice, a realistic
application won't break: it would have had to bypass API functions and rely
on the field size (e.g. relying on -1 == 1 in a 1-bit field).

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19952 -> 19900 (diff: 52)
library/ssl_msg.o: 25810 -> 25798 (diff: 12)
library/ssl_srv.o: 22371 -> 22299 (diff: 72)
library/ssl_tls.o: 23274 -> 23038 (diff: 236)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2868 -> 2848 (diff: 20)
library/ssl_msg.o: 2916 -> 2924 (diff: -8)
library/ssl_srv.o: 3204 -> 3184 (diff: 20)
library/ssl_tls.o: 5860 -> 5756 (diff: 104)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-16 18:56:49 +01:00
Lukasz Gniadzik
9a0e0affef mbedtls_ssl_config, mbedtls_ssl_session: reorder fields
Move small fields first so that more fields can be within the Arm Thumb
128-element direct access window.

The ordering in this commit is not based on field access frequency.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 20104 -> 19952 (diff: 152)
library/ssl_msg.o: 25942 -> 25810 (diff: 132)
library/ssl_srv.o: 22467 -> 22371 (diff: 96)
library/ssl_tls.o: 23390 -> 23274 (diff: 116)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2928 -> 2868 (diff: 60)
library/ssl_msg.o: 2924 -> 2916 (diff: 8)
library/ssl_srv.o: 3232 -> 3204 (diff: 28)
library/ssl_tls.o: 5904 -> 5860 (diff: 44)

Signed-off-by: Lukasz Gniadzik <lukasz.gniadzik@mobica.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-16 18:05:27 +01:00
Gilles Peskine
baccfef741 mbedtls_ssl_handshake_params: reorder fields to save code size
Reorder fields mbedtls_ssl_handshake_params in order to save code on Arm
Thumb builds. The general idea is to put often-used fields in the direct
access window of 128 elements from the beginning of the structure.

The reordering is a human selection based on a report of field offset and
use counts, and informed by measuring the code size with various
arrangements. Some notes:
* I moved most byte-sized fields at the beginning where they're sure to be
  in the direct access window.
* I moved buffering earlier because it can be around the threshold depending
  on the configuration, and it's accessed in a lot of places.
* I moved several fields, including update_checksum and friends, early so
  that they're guaranteed to be in the early access window.
* I tried moving randbytes or premaster to the early access window, but
  I couldn't find a placement which would save code size, presumably because
  they're bumping too many other fields, and they're mostly accessed through
  memcpy and friends which translates to instructions that don't have an
  offset for free anyway.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 20200 -> 20104 (diff: 96)
library/ssl_msg.o: 25978 -> 25942 (diff: 36)
library/ssl_srv.o: 22691 -> 22467 (diff: 224)
library/ssl_tls.o: 23570 -> 23390 (diff: 180)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 3012 -> 2928 (diff: 84)
library/ssl_msg.o: 2932 -> 2924 (diff: 8)
library/ssl_srv.o: 3288 -> 3232 (diff: 56)
library/ssl_tls.o: 6032 -> 5904 (diff: 128)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-16 17:44:31 +01:00
Gilles Peskine
51070849fa mbedtls_ssl_handshake_params: use bytes for some small values
Replace bitfields mbedtls_ssl_handshake_params by bytes. This saves some
code size, and since the bitfields weren't group, this doesn't increase the
RAM usage.

Replace several ints that only store values in the range 0..255 by uint8_t.
This can increase or decrease the code size depending on the architecture
and on how the field is used. I chose changes that save code size on Arm
Thumb builds and may potentially save more after field reordering.

Leave the bitfields in struct mbedtls_ssl_hs_buffer alone: replacing them by
uint8_t slightly increases the code size.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_srv.o: 22735 -> 22691 (diff: 44)
library/ssl_tls.o: 23566 -> 23570 (diff: -4)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-16 16:44:00 +01:00
Gilles Peskine
4a13ebff39 Tweak whitespace for readability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-16 15:21:44 +01:00