yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 12:25:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,054 Commits 88 Branches 205 Tags 69 MiB
cac5536b45
Commit Graph

6120 Commits

Author SHA1 Message Date
Gilles Peskine
cac5536b45
Merge pull request #3823 from gabor-mezei-arm/3818_MBEDTLS_AES_SETKEY_DEC_ALT_excludes_MBEDTLS_CIPHER_MODE_XTS 
Make the aes xts methods independent from MBEDTLS_AES_SETKEY_DEC_ALT
 2020-11-09 20:44:08 +01:00
Gilles Peskine
e3994d7269
Merge pull request #3836 from bensze01/ecb_iv_fix 
Do not set iv size for ECB mode ciphers
 2020-11-06 18:00:50 +01:00
Bence Szépkúti
a8e40ddfc9 Do not set IV size for ECB mode ciphers 
ECB mode ciphers do not use IVs

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2020-11-06 09:40:21 +01:00
Gilles Peskine
6b87993142
Merge pull request #3609 from gilles-peskine-arm/aes-zeroize-less 
Remove a useless zeroization
 2020-11-04 23:43:35 +01:00
Gilles Peskine
a455e71588
Merge pull request #3780 from stevew817/feature/validate_key_in_driver 
Add validate_key hooks and tests
 2020-11-02 11:37:42 +01:00
Steven Cooreman
40120f6b76 Address review comments 
* zero key buffer on failure
* readability improvements
* psa_finish_key_creation adjustment after removing import_key_into_slot

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-10-30 10:20:01 +01:00
Steven Cooreman
162ec8758f Detecting bit size is no longer required 
Storage format has been changed to always store the key's bit size

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-10-29 12:04:31 +01:00
Johan Pascal
c3ccd98a91 Check transport in the extension parser/writer 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:50 +01:00
Johan Pascal
5ef72d214f Style and typos 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:50 +01:00
Johan Pascal
2258a4f481 Do not return a structure, use a return parameter 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:50 +01:00
Johan Pascal
0dbcd1d3f0 Make API safer 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:50 +01:00
Johan Pascal
275874bc47 Fix previous commit 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:50 +01:00
Johan Pascal
20c7db3a67 API modified so server side can get mki value 
+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:50 +01:00
Johan Pascal
adbd9449ec More minor fix 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:50 +01:00
Johan Pascal
76fdf1d60e Minor fix and improvements 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:50 +01:00
Johan Pascal
d387aa0586 style + missing cast 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:50 +01:00
Johan Pascal
77696eedac Add bound check in the client ssl_write_use_srtp_ext 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
aae4d22b16 Improve code readability 
+micro optimization
+style

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
e79c1e8121 style 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
a455cd9a47 mbedtls_ssl_get_srtp_profile_as_string declared and defined in ssl.h 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
f6417ecf60 mki length feats in a uint16_t 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
253d0263a6 set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
43f9490a52 SRTP profiles definition use macros only 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
4f099264b5 use_srtp extension shall not interfere in the handshake settings 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
d576fdb1d6 Style + fix bound check in write_use_srt_ext 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
9bc97ca19d SRTP-DTLS protection profile configuration list not copied into ssl_config 
+ improve test
+ minor style fix

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
8f70fba988 Check the server hello output buffer size when writing the use_srtp ext 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
042d456832 Improve client Hello use_srtp parsing 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
a89ca8679f The client shall not enforce the use of client certificate with use_srtp extension 
This is server's task to request it if needed

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
8526957cd5 Minor style modifications 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
b64eab7656 fix style 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
65b56ef87f Change key derivation for srtp 
Use the export keys functionality, to call the public API
`mbedtls_ssl_tls_prf()`, and remove the function
`mbedtls_ssl_get_dtls_srtp_key_material()`.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
313d7b5d74 Add variable validation 
1. Check allocation success.
2. Check parameter correctness in the use_srtp extension
in server and client.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
75870ec6a7 Change byte copy to memcpy 
Change setting the mki value byte after byte with `memcpy()`.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
089c9fe9fa Improve readability 
Improve readability of the code:
1. move common code to `ssl_internal.h` as `static inline`.
2. Add comments.
3. Use local variables for extension size.
4. Change function signature, by adding buffer size and output length.
5. Take server srtp profile out of the loop.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
a978804a1b Style fixes 
1. Fix indentations.
2. Remove redundant whitespaces.
3. Keep short lines.
4. Grammar fixes.
5. Rephrase function description.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
ef72faf2bb Style fixes 
1. Adjust to 80 colums where possible.
2. Add \ remove spaces where needed.
3. Fix alignments.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
b465539476 Add tests and code to support 
1. Add DTLS-SRTP tests in `ssl-opts.sh`
2. Add logs for the tests to filter.
3. Add function to get the profile informations.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
1c399bdffe Set authmode to optional, if not set 
Set authmode to `MBEDTLS_SSL_VERIFY_REQUIRED` when using dtls-srtp,
in case authmode was not set. This is to support self signed certificates
received by the server, which is the case with webRTC. Certificate fingerprints
are verified outside the dtls stack, as defined in RFC 5763.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
12c6eaddd5 Fix mki issues 
1. Set correct mki from the `use_srtp` extension.
2. Use mki value received from the client as the mki used by server.
3. Use `mbedtls_ssl_dtls_srtp_set_mki_value()` as a client API only.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
9d36d311e3 Fix failure in ssl-opts.sh 
Return a debg message that was removed in previous commit,
Whic is searched in the ssl-opts.sh test.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
57cc70ec81 Enforce SRTP mandatory HS messages 
Enforce CertificateRequest, client and server Certificates, and
CertificateVerify messages, which are mandatory in DTLS-SRTP,
as defined in RFC 5764 section 4.1

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
a37326abb1 Make keyu material length in \ out 
Make the key material length in mbedtls_ssl_get_dtls_srtp_key_material
to be in\out, like it is done all over the library

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
591f162bed support mki value 
Add support mki value in the DTLS-SRTP

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Ron Eldor
3adb9928f3 Add mki value and some review comments 
1. Add check for prerequisites in check_config.h
2. Add mki value to use_srtp extension
3. address some review comments

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
34790789b6 Remove compilation warning 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
701984d300 Comply with mbedtls naming rules 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
2d9470be76 Improve DTLS SRTP API with a dedicated function to get generated keys 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
bbc057af73 Move available dtls srtp profile list to ssl_config 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00
Johan Pascal
b62bb51aff Add RFC5764 - SRTP key generation during DTLS handshake 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
 2020-10-29 01:14:49 +01:00