Commit graph

8922 commits

Author SHA1 Message Date
Jerry Yu
e8c1fca67c move trafic set to generic
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
d6e253ded9 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
4d8567fa9e fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
03ed50ba6a Add handshake wrapup
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
ff2269889d Add client finished
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
27bdc7c6b6 Implement write server finish
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
69dd8d4091 tls13:finished:add dummy frame work
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Ronald Cron
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
2022-05-17 17:01:55 +02:00
Paul Elliott
a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify
TLS1.3:Add Certificate and CertificateVerify message on Server Side
2022-05-17 15:47:36 +01:00
Paul Elliott
114203814a Better check for NULL pointer
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-17 15:01:20 +01:00
Neil Armstrong
bbb8b75f20 Fixup comment of mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:58:27 +02:00
Neil Armstrong
408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:23:20 +02:00
Neil Armstrong
dab56ba2bd Fix typo in mbedtls_pk_can_do_ext() code documentation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:56:55 +02:00
Gilles Peskine
3e56130fb9 psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.

The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.

Fixes #5735.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:54 +02:00
Dave Rodgman
2a045325f9
Merge pull request #5766 from leorosen/fix-var-init
Add missing local variable initialization
2022-05-16 14:47:00 +01:00
Gilles Peskine
9b7e29663f
Merge pull request #4211 from ccawley2011/mingw
Fix compilation with MinGW32
2022-05-16 12:30:37 +02:00
Leonid Rozenboim
a3008e7e2e Add missing local variable initialization
These issues were flagged by Coverity as instances where a local
variable may be used prior to being initialized. Please note that
none of these changes fixes any particular bug, this is just an attempt
to add more robustness.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-05-13 18:08:11 +01:00
Paul Elliott
dd428d3650 Fix incorrect error message
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-13 17:43:16 +01:00
Gabor Mezei
696956da24
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:19 +02:00
Gabor Mezei
0a4298bbe9
Remove unnecessary duble conversion
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:18 +02:00
Jerry Yu
b89125b81a Add test without server certificate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-13 15:50:04 +08:00
Jerry Yu
23d1a256ec fix hrr handler undefine fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 20:11:16 +08:00
Neil Armstrong
a88b15897d Add implementation of mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-12 11:53:02 +02:00
Dave Rodgman
8b65420f42 Add comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-12 09:45:03 +01:00
Jerry Yu
5a26f3000d Refactor cert exchange states
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Jerry Yu
f1c3c4e77c fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Jerry Yu
c6e6dbf2e7 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Jerry Yu
4ff9e14356 Add server certificate verfiy
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:14 +08:00
Jerry Yu
1bff711a36 tls13:server:add server certificate writing
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:14 +08:00
Jerry Yu
83da34eb59 tls13:server:add dummy write certificate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:14 +08:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Gabor Mezei
86acf05b1e
Update signiture algorithm handling
Rename local variables and to simplify things use static_assert to
determine if the default signiture algorithms are not fit into the
SSL handshake structure.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
53a3b14823
Update documntation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
c1051b62aa
Remove MBEDTLS_SSL_SIG_ALG_SET macro
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
3631cf693a
Rename signiture algorithm macros to better suite with TLS 1.2
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
24c7c2be08
Unify MBEDTLS_TLS_SIG_NONE macro definition for TLS 1.2 and 1.3
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
a3d016ce41
Rename and rewrite mbedtls_ssl_sig_hash_set_find function
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
1226590c88
Explicitly set invalid value for the end of the signiture algorithm set
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
15b95a6c52
Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3
Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm.
It is intended to use in common code of TLS 1.2 and 1.3.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
1a3be088bf
Reorder defines to use previous definitions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
078e803d2c
Unify parsing of the signature algorithms extension
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:08 +02:00
Przemek Stekiel
17520fe2c5 PSA: Add support for HKDF-Extend and HKDF-Expand algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:17:03 +02:00
Manuel Pégourié-Gonnard
5479f5321a
Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk
RSA decrypt 1a: PK
2022-05-11 11:01:01 +02:00
Paul Elliott
d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request
TLS1.3: Add  HelloRetryRequest Write
2022-05-10 17:25:33 +01:00
Dave Rodgman
4bfb007dcb Handle platform differences in gmtime_s
MSVC and C11 specify different arguments and return value
meaning for gmtime_s.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-10 13:46:09 +01:00
Dave Rodgman
ad8dc480d4 Remove redundant comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-10 13:46:09 +01:00
Cameron Cawley
ea5496ceb3 Fix compilation with MinGW32
Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>
2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3
Fix undeclared dependencies: MD
2022-05-10 10:41:32 +02:00
Jerry Yu
f41553b662 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 22:20:30 +08:00
Manuel Pégourié-Gonnard
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks
Unify non-opaque and opaque PSKs
2022-05-09 10:15:16 +02:00
Jerry Yu
ead5cce22c improve readability
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:58:50 +08:00
Jerry Yu
4ca9140d43 fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:55:39 +08:00
Jerry Yu
66d9e6f405 refactor next state of client hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:11 +08:00
Jerry Yu
4833056833 fix ci test fails
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:11 +08:00
Jerry Yu
7f157eb31f Change alert message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:11 +08:00
Jerry Yu
b8ac19a296 send alert when second hrr needed
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:09 +08:00
Jerry Yu
6a2cd9ebf5 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:08 +08:00
Jerry Yu
b0ac10b4a8 Refactor hrr key_share
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:06 +08:00
Jerry Yu
49ca92892d refactor HRR routine
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:05 +08:00
Jerry Yu
086edc2807 refactor parse key_share ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:04 +08:00
Jerry Yu
fbe3e64b76 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:03 +08:00
Jerry Yu
c1be19f226 misc:minor improvement
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:01 +08:00
Jerry Yu
23f7a6fc5c share write_body between HRR and ServerHello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:01 +08:00
Jerry Yu
582dd069b7 Add HRR handler
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:01 +08:00
Jerry Yu
fe24d1c9f5 add named group debug helper
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:00 +08:00
Jerry Yu
93a13f2c38 Share magic word of HRR
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:48:59 +08:00
Jerry Yu
67a2c37039 tls13:hrr:add empty frame work
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:48:59 +08:00
XiaokangQian
aad9b0a286 Update code base on comments
Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-09 01:11:21 +00:00
XiaokangQian
a987e1d2f8 Change state machine after encrypted extension and update cases
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
ec6efb98bc Change variable name to output_len
Change-Id: I0f8a40da9782b2ec7af7e6f1faf1ac5c7e589418
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
cec9ae6259 Change the code places of CERTIFICATE_REQUEST
Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
45c22201b3 Update test cases and encrypted extension state set
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
2f150e184f Update status and add test cases for client certificate request
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
1f1f1e3372 Temp change to align with client/server hello style
Change-Id: I8befbbcb5d6f7fdb230022825dcb856e19d9bec0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
9dc4450647 Fix commets issue about coding styles
Change-Id: I930a062e137562e0b129b9b9b191e5c864f8104d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
eaf3651e31 Rebase and solve conflicts
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext

Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
Xiaofei Bai
5ee73d84a9 Address review comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-05-07 01:37:04 +00:00
Xiaofei Bai
9ca09d497f Add writing CertificateRequest msg on server side
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-05-07 01:37:04 +00:00
Pol Henarejos
b101cb6111
Since the group is unloaded for all curves, it is better to initialize the group also for all curves.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-06 18:43:58 +02:00
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext
TLS1.3: add writing encrypted extensions on server side.
2022-05-06 13:54:45 +02:00
Przemek Stekiel
c1e41bb2b5 rsa.c: remove redundant include of md.h
rsa.c includes rsa.h that includes md.h

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 11:42:18 +02:00
Przemek Stekiel
ef1fb4a3d3 Deprecate mbedtls_cipher_setup_psa()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 10:55:10 +02:00
Jerry Yu
ef2b98a246 fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-06 16:40:05 +08:00
Jerry Yu
f86eb75c58 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-06 11:16:55 +08:00
Pol Henarejos
aa68d36234
Fix order value for curve x448.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-05 19:22:29 +02:00
Neil Armstrong
8ecd66884f Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-05 14:01:49 +02:00
Jerry Yu
e110d258d9 Add set outbound transform
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-05 19:59:59 +08:00
Werner Lewis
e59a531455 Fix memcpy() UB in mbedtls_asn1_named_data()
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 11:45:06 +01:00
Neil Armstrong
80f6f32495 Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
044a32c4c6 Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
61f237afb7 Remove PSA-only code dealing with non-opaque PSA key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
501c93220d Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
b743d95051 Do not erase input key in psa_tls12_prf_psk_to_ms_set_key()
When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct
but the following derivations output data is incorrect.

This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key()
since commit 03faf5d2c1.

Fixes: 03faf5d2c1 ("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:06:22 +02:00
Neil Armstrong
30beca35f1 Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
Then mbedtls_pk_error_from_psa_rsa() also needs to be guarded with
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR to be used by pk_opaque_rsa_decrypt()

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:02:37 +02:00
Jerry Yu
9da5e5a2f2 fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 15:46:09 +08:00
Jerry Yu
de66d12afc remove out couter reset
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 12:15:19 +08:00
Jerry Yu
39730a70cd remove variable initial
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 12:14:04 +08:00
Jerry Yu
8937eb491a fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 12:12:14 +08:00
Neil Armstrong
6c26adc900 Do not make pk_opaque_rsa_decrypt() depend on MBEDTLS_RSA_C
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-02 14:43:04 +02:00
Neil Armstrong
1082818003 Implement PK Opaque RSA decrypt
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Przemek Stekiel
169bf0b8b0 Fix comments (#endif flags)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-29 07:53:29 +02:00
Neil Armstrong
a1fc18fa55 Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Gilles Peskine
8855e36030
Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup
Cipher cleanup: abstract TLS mode
2022-04-28 12:33:38 +02:00
Przemek Stekiel
8a4b7fd7c3 Optimize code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 10:21:03 +02:00
Jerry Yu
ab452cc257 fix name issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-28 15:27:08 +08:00
Przemek Stekiel
8abcee9290 Fix typos
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-28 09:16:28 +02:00
Neil Armstrong
2230e6c06d Simplify PSA transform->ivlen set in ssl_tls12_populate_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-27 10:36:14 +02:00
Neil Armstrong
3bf040ed70 Reorganize PSA/!PSA code in mbedtls_ssl_ticket_setup()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-27 10:35:28 +02:00
Gilles Peskine
301711e96e Simplify mbedtls_ssl_get_base_mode
Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and
non-USE_PSA_CRYPTO definitions independent.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-27 10:28:55 +02:00
Gilles Peskine
e108d987ea Simplify mbedtls_ssl_get_mode
Reduce the imbrications between preprocessor directives and C instructions.
Handle encrypt-then-mac separately.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-27 10:28:55 +02:00
Jerry Yu
4d3841a4d1 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-25 19:41:47 +08:00
Xiaofei Bai
cba64af50d TLS1.3: add writing encrypted extensions
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-04-25 19:41:47 +08:00
Ronald Cron
eecd0d2fc3
Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello 2022-04-25 09:28:40 +02:00
Jerry Yu
e65d801580 fix undeclare error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-23 10:34:35 +08:00
Biswapriyo Nath
d7e0ee42b8 cmake: Fix runtime library install location in mingw
This install DLLs in bin directory instead of lib.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
2022-04-22 20:59:50 +05:30
Biswapriyo Nath
0f2e87bdf5 cmake: Use GnuInstallDirs to customize install directories
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
2022-04-22 20:59:28 +05:30
Gilles Peskine
2f8c2a5fc5
Merge pull request #5753 from tom-cosgrove-arm/fix-missing-prototypes-warnings-a64-sha256-sha512
Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration
2022-04-22 16:45:23 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap
Improve benchmarking of ECC heap usage
2022-04-22 16:43:11 +02:00
Jerry Yu
955ddd75a3 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 22:27:33 +08:00
Przemek Stekiel
99114f3084 Fix build flags for opaque/raw psk checks
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:34 +02:00
Przemek Stekiel
cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877 Enable support for psa opaque ECDHE-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
51a1f36be0 setup_psa_key_derivation(): change salt parameter to other_secret
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
f2534ba69b tls12_client: skip PMS generation for opaque RSA-PSK
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Przemek Stekiel
c2033409e3 Add support for psa rsa-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Przemek Stekiel
ae4ed30435 Fix naming: random bytes are the seed (not salt) in derivation process
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Przemek Stekiel
1f02703e53 setup_psa_key_derivation(): add optional salt parameter
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard
55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context
TLS ECDH 4: remove legacy context
2022-04-22 14:27:06 +02:00
Neil Armstrong
76b7407bd7 Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
f2c82f0a3b Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
ccc074e44d Use correct condition to use encrypt_then_mac in ssl_tls.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
d1be7674a4 Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
6b27c97a91 Rename mbedtls_get_mode() to mbedtls_ssl_get_mode()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
ab555e0a6c Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
858581e81a Remove cipher_info in mbedtls_ssl_ticket_setup() when USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
a0eeb7f470 Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
7fea33ea4d Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
fe635e42c9 Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
4bf4c8675f Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
136f8409df Replace PSA/Cipher logic with mbedtls_get_mode_from_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:26 +02:00
Neil Armstrong
8a0f3e8cf0 Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:26 +02:00
Jerry Yu
a09f5e98ef fix build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:46:03 +08:00