Ronald Cron
de1adee51a
Rename ssl_cli/srv.c
...
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
...
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
Jerry Yu
d73d0a327a
remove unnecessary condition
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-29 16:37:51 +08:00
Manuel Pégourié-Gonnard
39f2f73e69
Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing
...
Restore full TLS compatibility testing
2022-03-28 18:31:17 +02:00
Ronald Cron
e44d8e7eea
Merge pull request #5369 from xkqian/add_2nd_client_hello
...
Add 2nd client hello
2022-03-28 12:18:41 +02:00
XiaokangQian
5c252620c5
Move MAC-ALL to self._ciphs in ssl-opt.sh
...
Change-Id: I60d29560f8937a0001ab4a30086bac255fc4b1eb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 08:53:45 +00:00
Przemek Stekiel
6a478ef054
mbedtls_ecp_group_cmp: change names of parameters to more suitable
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:25:12 +02:00
Przemek Stekiel
ab5274bb19
Remove parameters validation using ECP_VALIDATE_RET
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:23:08 +02:00
Przemek Stekiel
2076cbe511
Add function name to changelog
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:22:11 +02:00
XiaokangQian
2e17fb8c93
Change code base on comments
...
Add all of the group pairs for hrr cases
Re-order some parameters
Change-Id: Id7e131d1ed4279bbd586613800df7bd87dfa4c54
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 03:30:05 +00:00
Gabor Mezei
ed6d6589b3
Use hash algoritm for parameter instead of HMAC
...
To be compatible with the other functions `mbedtls_psa_hkdf_extract` and
`mbedtls_psa_hkdf_expand` use hash algorithm for parameter.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 17:28:06 +01:00
Gabor Mezei
07732f7015
Translate from mbedtls_md_type_t to psa_algorithm_t
...
Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 17:04:19 +01:00
Gabor Mezei
5d9a1fe9e9
PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3
...
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 15:47:15 +01:00
Ronald Cron
fb39f15fa1
ssl_tls.c: Use ETM status only in CBC mode case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Ronald Cron
862902dd57
ssl_srv.c: Mark ETM as disabled if cipher is not CBC
...
Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS
1.2 server only for the CBC cipher mode thus make it
clear in the SSL context.
The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Ronald Cron
618955d381
compat.sh: Fix check for OpenSSL support
...
If OpenSSL does not support a mode (tls12 or
dtls12 or tls13) just skip the tests involving
OpenSSL.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Ronald Cron
2c74ff629d
compat.sh: Restore full TLS compatibility testing
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
XiaokangQian
a1931448f0
Update hrr test cases generation code without change class
...
Change-Id: I38f620213bf5349d33ecad080538294633f85566
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 11:58:22 +00:00
XiaokangQian
eff93f947d
Rebase code to latest and solve conflicts
...
Change-Id: Id89af63e5d63347f6365c87b2aed419cc31fe0d4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 10:47:55 +00:00
XiaokangQian
8031ba7fbf
Update code base on comments
...
Change run title
Remove dedicate ciphersuite and sig alg
Update test cases
Change-Id: Ic0e9adf56062e744f7bafbc6bb562baeaafd89f0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 09:27:53 +00:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor
...
Accessor for mbedtls_timing_delay_context final delay
2022-03-25 09:14:41 +01:00
XiaokangQian
83f818811e
Update test cases in tls13-compat.sh
...
Change-Id: I5e080b3343492dd80ede1305f95d4b5b98cd44a3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:12:35 +00:00
XiaokangQian
68a87e4606
Remove the option r in generate_tls13_compat_tests.py
...
Integrate two options into one
Use one dedicate cipher suite TLS_AES_256_GCM_SHA384
Use on dedicate signature algorithm ecdsa_secp384r1_sha384
Change-Id: Icbe39b985e1942edc4b1e37ce3352eed4f316ab7
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
20438976f9
Change comments and styles base on review
...
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
af56fd3b9d
Disable some reported warnings in pylint
...
Change-Id: Ia01e4a425f8b8d83be53d02885cf8ae4cbb20c98
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:08:01 +00:00
XiaokangQian
b9cd73f640
Fix errors from pylint
...
Change-Id: I6cbbf8a0b0acedf651fada6ab54fa03dc4ad9cf5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:57 +00:00
XiaokangQian
7069cbc8d5
generate all tls13 hrr test cases for compatible mode
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:08 +00:00
XiaokangQian
c02768a399
Replace ssl->handshake with handshake in write_cookie_ext()
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9b93c0dd8d
Change cookie parameters for dtls and tls 1.3
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
25c9c9023c
Refine cookie len to fix compile issues
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9deb90f74e
Change parameter names and code style
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
5e3c947841
Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
233397ef88
Update code base on comments
...
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
0b64eedba8
Add cookies write in client hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
8372e18080
Add 2nd client hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
Ronald Cron
90045241e7
Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify
...
TLS1.3: Fix incorrect check for certificate verify
2022-03-25 08:35:41 +01:00
Jerry Yu
6c6f10265d
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-25 11:09:50 +08:00
Paul Elliott
42d5e51a98
Make test function name more accurate
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-24 19:41:28 +00:00
Paul Elliott
27b0d94e25
Use mbedtls_ssl_is_handshake_over()
...
Switch over to using the new function both internally and in tests.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-24 14:43:52 +00:00
Jerry Yu
72d81e56b6
Add cert_sig_algs into offered list
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 22:13:57 +08:00
Jerry Yu
7de79850c9
Add cert_sig_algs for compat generate script
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 20:09:00 +08:00
Jerry Yu
bd1b3278b1
Remove useless code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 13:07:28 +08:00
Jerry Yu
e6e73d63ec
fix comments issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 13:07:28 +08:00
Tom Cosgrove
226aca195f
Fix running of all.sh on macOS
...
Was getting 'dd: unknown operand status'
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:56 +00:00
Tom Cosgrove
b7f5b97650
Minor changes to sha256.c to bring it in line with sha512.c
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:56 +00:00
Tom Cosgrove
87fbfb5d82
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
...
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.
The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Jerry Yu
e26acee896
Refactor guards for sig algs
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 21:01:33 +08:00
Jerry Yu
f8aa9a44aa
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard
5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies
...
MD: HMAC in DTLS cookies
2022-03-23 13:05:24 +01:00
Jerry Yu
8c3388620d
create sig_alg decode function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 13:34:04 +08:00