yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20947 commits 1 branch 0 tags 94 MiB
Commit graph

145 commits

Author SHA1 Message Date
Przemyslaw Stekiel
c0824bfb11 Change mbedtls_ssl_tls13_key_schedule_stage_handshake() to use psa_raw_key_agreement() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:19:45 +01:00
Gabor Mezei
9607ab4dbd
Prevent function not used compilation error 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:24 +01:00
Gabor Mezei
a3eecd242c
Implement HKDF expand in TLS 1.3 based on PSA HMAC 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:23 +01:00
Przemyslaw Stekiel
f9cd60853f ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-01 11:25:55 +01:00
Przemyslaw Stekiel
77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. 
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
9b22c2b1e6 Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
6be9cf542f Cleanup the code 
Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
fe7397d8a7 Fix key attributes encrypt or decrypt only (not both) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
dd7b501c92 Move PSA init after taglen is set 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e87475d834 Move psa_status_to_mbedtls to ssl_misc.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1fe065b235 Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
76e1583483 Convert psa status to mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
11a33e6d90 Use PSA_BITS_TO_BYTES macro to convert key bits to bytes 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ae77b0ab28 mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
lhuang04
a3890a3427 Swap the client and server random for TLS 1.3 
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-01-27 06:00:43 -08:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Jerry Yu
a5563f6115 move position of base_key init 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 18:14:36 +08:00
Jerry Yu
b737f6a9be move base_key init 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 17:55:59 +08:00
Jerry Yu
9c07473ebc fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 17:12:43 +08:00
Jerry Yu
889b3b76da fix clang build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:57:45 +08:00
Jerry Yu
4a2fa5d0aa Move erase handshake secrets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:37:14 +08:00
Jerry Yu
27224f58be fix coding style issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
23ab7a46a3 move zeroize master secrets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
2c70a39d97 move zeroize randbytes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
6eaa41c15e Fix overflow error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Xiaofei Bai
d25fab6f79 Update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-02 06:36:27 +00:00
Xiaofei Bai
feecbbbb93 Fix some variable names in code comment 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
b7972840fd Fix variable names in ssl_tls13_keys.* 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
XiaokangQian
a4c99f2c2d Remove useless blank line 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-11 06:46:35 +00:00
XiaokangQian
3306284776 Change code base on comments 
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-11 03:37:45 +00:00
XiaokangQian
d0aa3e9307 Inprove code base on review comments 
Change debug messag for server finished.
Change name of generate_application_keys.
Remove the client vertificate tests from ssl-opt.sh.
Add test strings for server finished in ssl-opt.sh.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 06:17:40 +00:00
XiaokangQian
aaa0e197a8 Change the alignment and names of functions and a macro 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 03:07:04 +00:00
XiaokangQian
c5c39d5800 Change code for styles and comments .etc 
Remove useless code in union.
Rename functions and parameters.
Move definitions into othe files.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian
b51f8841c4 Change comments for export_keys callback 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian
ac0385c08f Change code based on comments 
Move set_state function into client
Add back export_key callback function in generate
application keys

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian
61bdbbc18b Add cleanup in functions for secure reason 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian
f26f6ade0c Rebase and solve conflicts 
Remove the double definition and change name

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian
f13c56032f Revert some changes about tls13 and macros 
There is one PR #4988 to change it in the future

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian
7c91705e21 Remove support for MBEDTLS_SSL_EXPORT_KEYS 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian
a763498490 Change code based on commetns 
Focus on the code style, naming rule,etc.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian
4cab0240c7 Change coding style 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian
aa5f5c1f5d TLS1.3: Add server finish processing in client side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:22 +00:00
Jerry Yu
ad3a113fc6 Remove MBEDTLS_SSL_EXPORT_KEYS 
It is always on now in `development`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:46:43 +08:00
Jerry Yu
b85277e3af Address various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:29 +08:00
Jerry Yu
435208a949 Improve generate_handshake_keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:29 +08:00
Jerry Yu
c068b6671e Rename tls13 prefix to fix coding issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu
f0ac2352d6 Refactor key_schedule_stage_handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu
5ccfcd4ca1 Add local variable to represent handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu
a0650ebb9d tls13: add handshake key schedule 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu
61e35e0047 tls13: add generate handshake keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu
6ca7c7fd6b Remove useless variables 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 18:51:40 +08:00
Jerry Yu
e06f4532ef remove useless code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
4836952f9d fix tls1_3 prefix issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
b65eb2f3cf Revert "tls13: add generate handshake keys" 
This reverts commit f02ca4158674b974ae103849c43e0c92efc40e8c.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
e3131ef7f3 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
000f976070 Rename get_handshake_transcript 
- Remove tls13 prefix
- Remove TLS1_3 macro wrap

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
4925ef5da1 tls13: add generate handshake keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
89ea321d96 tls13: add key_schedule_stage_early_data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Joe Subbiani
2194dc477a Replace MBEDTLS_CHAR_x with MBEDTLS_BYTE_x 
The CHAR macros casted to an unsigned char which in this project
is garunteed to be 8 bits - the same as uint8_t (which BYTE casts
to) therefore, instances of CHAR have been swapped with BYTE and
the number of macros have been cut down

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
 2021-08-19 09:56:47 +01:00
Joe Subbiani
cd84d76e9b Add Character byte reading macros 
These cast to an unsigned char rather than a uint8_t
like with MBEDTLS_BYTE_x
These save alot of space and will improve maintence by
replacing the appropriate code with MBEDTLS_CHAR_x

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
 2021-08-19 09:55:41 +01:00
Hanno Becker
dfba065d80 Adjust ssl_tls13_keys.c to consolidated CID/1.3 padding granularity 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
f62a730e80 Add missing semicolon in TLS 1.3 transform generation code 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
edd5bf0a95 Fix and document minimum length of record ciphertext in TLS 1.3 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
7887a77c25 Match parameter check in TLS 1.3 populate transform to 1.2 version 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
c94060c641 Add TLS 1.3 specific key to SSL transform conversion function 
This commit adds the TLS 1.3 specific internal function

```
  mbedtls_ssl_tls13_populate_transform()
```

which creates an instance of the SSL transform structure
`mbedtls_ssl_transform` representing a TLS 1.3 record protection
mechanism.

It is analogous to the existing internal helper function

```
   ssl_tls12_populate_transform()
```

which creates transform structures representing record
protection mechanisms in TLS 1.2 and earlier.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:52:49 +01:00
Hanno Becker
cd817b0630 Remove misleading comment in TLS 1.3 key schedule code 
The implementation documentation of

```
   mbedtls_ssl_tls1_3_derive_early_secrets()
```

mentioned the PSK binder key, which is misleading because the
function doesn't actually calculate it.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-31 19:40:45 +01:00
Hanno Becker
28e5f1ed57 Avoid unused variable warning in TLS 1.3 PSK binder calculation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-26 09:29:49 +01:00
Hanno Becker
b7d9bad6be Add helper function for calculation of TLS 1.3 PSK binder 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-24 11:20:30 +01:00
Hanno Becker
ef5235bc2e Add TLS 1.3 second level key derivations 
This commit adds helper functions to ssl_tls13_keys.[ch]
allowing to derive the secrets specific to each stage of
a TLS 1.3 handshake (early, handshake, application) from
the corresponding master secret (early secret, handshake
secret, master secret).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-24 08:32:24 +01:00
Chris Jones
84a773f8e6 Rename ssl_internal.h to ssl_misc.h 
Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-10 12:52:37 +00:00
Chris Jones
e2191cd789 Update includes to use library/ instead of include/mbedtls/ 
Simple find and replace using `#include (<|")mbedtls/(.*)_internal.h(>|")`
and `#include $1$2_internal.h$3`.

Also re-generated visualc files by running
`scripts/generate_visualc_files.pl`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-10 12:52:37 +00:00
Hanno Becker
531fe3054c Comment on hardcoding of maximum HKDF key expansion of 255 Bytes 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-16 09:50:17 +01:00
Hanno Becker
61baae7c9f Minor fixes and improvements in TLS 1.3 key schedule documentation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-16 09:47:47 +01:00
Hanno Becker
2dfe1327e5 Fix miscalculation of maximum TLS 1.3 HKDF label length 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-10 09:23:12 +01:00
Hanno Becker
0c42fd94bb Fix Doxygen documentation of mbedtls_ssl_tls1_3_derive_secret() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-09 12:58:29 +01:00
Hanno Becker
97a21567df Move misplaced comment 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-09 12:57:16 +01:00
Hanno Becker
1413bd8ae9 Simplify identification of TLS 1.3 labels in unit test suite 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-09 12:46:09 +01:00
Hanno Becker
59b50a1997 Don't use _xxx naming for local variables in ssl_tls13_keys.c 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-09 10:58:52 +01:00
Hanno Becker
70d7fb0c2d Don't hardcode TLS 1.3 labels in test cases 
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.

This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-09 10:17:37 +01:00
Hanno Becker
a3a5a4e1f9 Please check-names.sh 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 11:33:48 +01:00
Hanno Becker
815869ac9c Improve documentation of ssl_tls1_3_hkdf_encode_label() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 11:16:16 +01:00
Hanno Becker
00debc734b Minor improvement in ssl_tls13_keys.c 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 11:12:24 +01:00
Hanno Becker
493ea7f4ae Remove instances of camelCase in TLS 1.3 key schedule 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 11:08:06 +01:00
Hanno Becker
939bb4d8f6 Initialize TLS 1.3 label prefix with string literal 
This is in line with how the entries of the TLS 1.3 label
structure `mbedtls_ssl_tls1_3_labels` are initialized.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:48:55 +01:00
Hanno Becker
9cb0a146f1 Remove duplicated computation of TLS 1.3 HKDF label length 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:48:14 +01:00
Hanno Becker
e4435ea777 Introduce TLS 1.3 labels in a single place 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:43:52 +01:00
Hanno Becker
1981cb2972 Use uniform naming for TLS 1.3 label fields 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:36:29 +01:00
Hanno Becker
58c5cea73b Include common.h from ssl_tls13_keys.c 
`common.h` takes care of the logic of chosing the correct
configuration file, so we don't need to replicate it in
each source file.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:31:33 +01:00
Hanno Becker
e9cccb440c Implement TLS 1.3 key evolution function 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:28:28 +01:00
Hanno Becker
b35d52240b Implement TLS 1.3 key derivation function Derive-Secret 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:28:28 +01:00
Hanno Becker
3385a4d5cf Implement TLS 1.3 traffic key generation 
See the documentation in library/ssl_tls13_keys.h.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:28:28 +01:00
Hanno Becker
be9d6648f8 Implement TLS 1.3 key derivation function HKDF-Expand-Label 
This commit introduces a new file library/ssl_tls13_key.c
which will subsequently be populated with functionality relating
to the TLS 1.3 key schedule.

Those functions are expected to be internal and are documented
in the internal header library/ssl_tls13_keys.h.

The first function to be implemented is the key expansion
function `HKDF-Expand-Label`. See the documentation in
library/ssl_tls13_keys.h for more information.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2020-09-08 10:28:06 +01:00