mirrors/v
1
0
Fork 0
mirror of https://github.com/vlang/v.git synced 2025-09-15 15:32:27 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 24

thirdparty,net.mbedtls: update mbedtls to latest compatible version v3.3.0 (#21118)

Browse source
This commit is contained in:
Turiiya 2024-03-28 07:46:21 +01:00 committed by GitHub
parent cb402a3340
commit 64a336932c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
156 changed files with 16293 additions and 4396 deletions
Download patch file Download diff file Expand all files Collapse all files

302
thirdparty/mbedtls/library/psa_crypto.c vendored
View file

@ -52,10 +52,6 @@
#include <stdlib.h>
#include <string.h>
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_PLATFORM_C)
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#include "mbedtls/aes.h"
#include "mbedtls/asn1.h"
@ -445,6 +441,8 @@ psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
case PSA_KEY_TYPE_RAW_DATA:
case PSA_KEY_TYPE_HMAC:
case PSA_KEY_TYPE_DERIVE:
case PSA_KEY_TYPE_PASSWORD:
case PSA_KEY_TYPE_PASSWORD_HASH:
break;
#if defined(PSA_WANT_KEY_TYPE_AES)
case PSA_KEY_TYPE_AES:
@ -879,20 +877,7 @@ static psa_status_t psa_restrict_key_policy(
return( PSA_SUCCESS );
}
/** Get the description of a key given its identifier and policy constraints
* and lock it.
*
* The key must have allow all the usage flags set in \p usage. If \p alg is
* nonzero, the key must allow operations with this algorithm. If \p alg is
* zero, the algorithm is not checked.
*
* In case of a persistent key, the function loads the description of the key
* into a key slot if not already done.
*
* On success, the returned key slot is locked. It is the responsibility of
* the caller to unlock the key slot when it does not access it anymore.
*/
static psa_status_t psa_get_and_lock_key_slot_with_policy(
psa_status_t psa_get_and_lock_key_slot_with_policy(
mbedtls_svc_key_id_t key,
psa_key_slot_t **p_slot,
psa_key_usage_t usage,
@ -3469,8 +3454,8 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, local_iv, default_iv_length, input, input_length,
output + default_iv_length, output_size - default_iv_length,
output_length );
mbedtls_buffer_offset( output, default_iv_length ),
output_size - default_iv_length, output_length );
exit:
unlock_status = psa_unlock_key_slot( slot );
@ -3590,6 +3575,7 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg,
break;
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
default:
(void) nonce_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
@ -3706,39 +3692,34 @@ exit:
return( status );
}
static psa_status_t psa_validate_tag_length( psa_aead_operation_t *operation,
psa_algorithm_t alg ) {
uint8_t tag_len = 0;
if( psa_driver_get_tag_len( operation, &tag_len ) != PSA_SUCCESS )
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
static psa_status_t psa_validate_tag_length( psa_algorithm_t alg ) {
const uint8_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg );
switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
#if defined(PSA_WANT_ALG_CCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.*/
if( tag_len < 4 || tag_len > 16 || tag_len % 2 )
return( PSA_ERROR_INVALID_ARGUMENT );
break;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
#endif /* PSA_WANT_ALG_CCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
#if defined(PSA_WANT_ALG_GCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. */
if( tag_len != 4 && tag_len != 8 && ( tag_len < 12 || tag_len > 16 ) )
return( PSA_ERROR_INVALID_ARGUMENT );
break;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
#endif /* PSA_WANT_ALG_GCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
/* We only support the default tag length. */
if( tag_len != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
break;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
default:
(void) tag_len;
@ -3789,6 +3770,9 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation,
.core = slot->attr
};
if( ( status = psa_validate_tag_length( alg ) ) != PSA_SUCCESS )
goto exit;
if( is_encrypt )
status = psa_driver_wrapper_aead_encrypt_setup( operation,
&attributes,
@ -3804,9 +3788,6 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation,
if( status != PSA_SUCCESS )
goto exit;
if( ( status = psa_validate_tag_length( operation, alg ) ) != PSA_SUCCESS )
goto exit;
operation->key_type = psa_get_key_type( &attributes );
exit:
@ -4243,7 +4224,8 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation )
#if defined(BUILTIN_ALG_ANY_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
#define AT_LEAST_ONE_BUILTIN_KDF
#endif /* At least one builtin KDF */
@ -4350,6 +4332,14 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
{
mbedtls_platform_zeroize( operation->ctx.tls12_ecjpake_to_pms.data,
sizeof( operation->ctx.tls12_ecjpake_to_pms.data ) );
}
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */
{
status = PSA_ERROR_BAD_STATE;
}
@ -4631,6 +4621,31 @@ static psa_status_t psa_key_derivation_tls12_prf_read(
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
static psa_status_t psa_key_derivation_tls12_ecjpake_to_pms_read(
psa_tls12_ecjpake_to_pms_t *ecjpake,
uint8_t *output,
size_t output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t output_size = 0;
if( output_length != 32 )
return ( PSA_ERROR_INVALID_ARGUMENT );
status = psa_hash_compute( PSA_ALG_SHA_256, ecjpake->data,
PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE, output, output_length,
&output_size );
if( status != PSA_SUCCESS )
return ( status );
if( output_size != output_length )
return ( PSA_ERROR_GENERIC_ERROR );
return ( PSA_SUCCESS );
}
#endif
psa_status_t psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *operation,
uint8_t *output,
@ -4685,6 +4700,15 @@ psa_status_t psa_key_derivation_output_bytes(
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
{
status = psa_key_derivation_tls12_ecjpake_to_pms_read(
&operation->ctx.tls12_ecjpake_to_pms, output, output_length );
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
{
(void) kdf_alg;
return( PSA_ERROR_BAD_STATE );
@ -5076,6 +5100,10 @@ static int is_kdf_alg_supported( psa_algorithm_t kdf_alg )
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
return( 1 );
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
return( 1 );
#endif
return( 0 );
}
@ -5100,19 +5128,26 @@ static psa_status_t psa_key_derivation_setup_kdf(
if( ! is_kdf_alg_supported( kdf_alg ) )
return( PSA_ERROR_NOT_SUPPORTED );
/* All currently supported key derivation algorithms are based on a
* hash algorithm. */
/* All currently supported key derivation algorithms (apart from
* ecjpake to pms) are based on a hash algorithm. */
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
size_t hash_size = PSA_HASH_LENGTH( hash_alg );
if( hash_size == 0 )
return( PSA_ERROR_NOT_SUPPORTED );
if( kdf_alg != PSA_ALG_TLS12_ECJPAKE_TO_PMS )
{
if( hash_size == 0 )
return( PSA_ERROR_NOT_SUPPORTED );
/* Make sure that hash_alg is a supported hash algorithm. Otherwise
* we might fail later, which is somewhat unfriendly and potentially
* risk-prone. */
psa_status_t status = psa_hash_try_support( hash_alg );
if( status != PSA_SUCCESS )
return( status );
/* Make sure that hash_alg is a supported hash algorithm. Otherwise
* we might fail later, which is somewhat unfriendly and potentially
* risk-prone. */
psa_status_t status = psa_hash_try_support( hash_alg );
if( status != PSA_SUCCESS )
return( status );
}
else
{
hash_size = PSA_HASH_LENGTH( PSA_ALG_SHA_256 );
}
if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
@ -5120,11 +5155,14 @@ static psa_status_t psa_key_derivation_setup_kdf(
{
return( PSA_ERROR_NOT_SUPPORTED );
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ||
( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS ) )
operation->capacity = hash_size;
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
operation->capacity = 255 * hash_size;
return( PSA_SUCCESS );
}
@ -5513,6 +5551,29 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input(
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
static psa_status_t psa_tls12_ecjpake_to_pms_input(
psa_tls12_ecjpake_to_pms_t *ecjpake,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
{
if( data_length != PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE ||
step != PSA_KEY_DERIVATION_INPUT_SECRET )
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
/* Check if the passed point is in an uncompressed form */
if( data[0] != 0x04 )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Only K.X has to be extracted - bytes 1 to 32 inclusive. */
memcpy( ecjpake->data, data + 1, PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE );
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
/** Check whether the given key type is acceptable for the given
* input step of a key derivation.
*
@ -5591,6 +5652,14 @@ static psa_status_t psa_key_derivation_input_internal(
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
{
status = psa_tls12_ecjpake_to_pms_input(
&operation->ctx.tls12_ecjpake_to_pms, step, data, data_length );
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
{
/* This can't happen unless the operation object was not initialized */
(void) data;
@ -5654,63 +5723,46 @@ psa_status_t psa_key_derivation_input_key(
/* Key agreement */
/****************************************************************/
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
psa_status_t psa_key_agreement_raw_builtin( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *peer_key,
size_t peer_key_length,
const mbedtls_ecp_keypair *our_key,
uint8_t *shared_secret,
size_t shared_secret_size,
size_t *shared_secret_length )
{
mbedtls_ecp_keypair *their_key = NULL;
mbedtls_ecdh_context ecdh;
psa_status_t status;
size_t bits = 0;
psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits );
mbedtls_ecdh_init( &ecdh );
status = mbedtls_psa_ecp_load_representation(
PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
bits,
peer_key,
peer_key_length,
&their_key );
if( status != PSA_SUCCESS )
goto exit;
status = mbedtls_to_psa_error(
mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
if( status != PSA_SUCCESS )
goto exit;
status = mbedtls_to_psa_error(
mbedtls_ecdh_get_params( &ecdh, our_key, MBEDTLS_ECDH_OURS ) );
if( status != PSA_SUCCESS )
goto exit;
status = mbedtls_to_psa_error(
mbedtls_ecdh_calc_secret( &ecdh,
shared_secret_length,
shared_secret, shared_secret_size,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE ) );
if( status != PSA_SUCCESS )
goto exit;
if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
status = PSA_ERROR_CORRUPTION_DETECTED;
exit:
if( status != PSA_SUCCESS )
mbedtls_platform_zeroize( shared_secret, shared_secret_size );
mbedtls_ecdh_free( &ecdh );
mbedtls_ecp_keypair_free( their_key );
mbedtls_free( their_key );
return( status );
}
switch( alg )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH:
return( mbedtls_psa_key_agreement_ecdh( attributes, key_buffer,
key_buffer_size, alg,
peer_key, peer_key_length,
shared_secret,
shared_secret_size,
shared_secret_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default:
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) peer_key;
(void) peer_key_length;
(void) shared_secret;
(void) shared_secret_size;
(void) shared_secret_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
}
#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
/** Internal function for raw key agreement
* Calls the driver wrapper which will hand off key agreement task
* to the driver's implementation if a driver is present.
* Fallback specified in the driver wrapper is built-in raw key agreement
* (psa_key_agreement_raw_builtin).
*/
static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
psa_key_slot_t *private_key,
const uint8_t *peer_key,
@ -5719,38 +5771,20 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
size_t shared_secret_size,
size_t *shared_secret_length )
{
switch( alg )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH:
if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
mbedtls_ecp_keypair *ecp = NULL;
psa_status_t status = mbedtls_psa_ecp_load_representation(
private_key->attr.type,
private_key->attr.bits,
private_key->key.data,
private_key->key.bytes,
&ecp );
if( status != PSA_SUCCESS )
return( status );
status = psa_key_agreement_ecdh( peer_key, peer_key_length,
ecp,
shared_secret, shared_secret_size,
shared_secret_length );
mbedtls_ecp_keypair_free( ecp );
mbedtls_free( ecp );
return( status );
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default:
(void) private_key;
(void) peer_key;
(void) peer_key_length;
(void) shared_secret;
(void) shared_secret_size;
(void) shared_secret_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
if( !PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
return( PSA_ERROR_NOT_SUPPORTED );
psa_key_attributes_t attributes = {
.core = private_key->attr
};
return( psa_driver_wrapper_key_agreement( &attributes,
private_key->key.data,
private_key->key.bytes, alg,
peer_key, peer_key_length,
shared_secret,
shared_secret_size,
shared_secret_length ) );
}
/* Note that if this function fails, you must call psa_key_derivation_abort()
@ -5763,7 +5797,7 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
size_t peer_key_length )
{
psa_status_t status;
uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE];
size_t shared_secret_length = 0;
psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
@ -5964,7 +5998,7 @@ psa_status_t psa_generate_random( uint8_t *output,
if( status != PSA_SUCCESS )
return( status );
/* Breaking up a request into smaller chunks is currently not supported
* for the extrernal RNG interface. */
* for the external RNG interface. */
if( output_length != output_size )
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
return( PSA_SUCCESS );