Commit graph

19354 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Manuel Pégourié-Gonnard
fff641a273
Merge pull request #5695 from mprse/tls_1_3_remove_redundant_check
ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check
2022-04-06 09:27:18 +02:00
Ronald Cron
cccbe0eb88
Merge pull request #5516 from tom-daubney-arm/M-AEAD_dispatch_tests
M-AEAD driver dispatch tests
2022-04-05 16:35:37 +02:00
Gilles Peskine
ea75049307
Merge pull request #5689 from yanesca/fix-lts-version-in-guidelines
Fix LTS version in contributing guidelines
2022-04-05 11:11:13 +02:00
Przemek Stekiel
8583627ece psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-05 10:50:53 +02:00
Gilles Peskine
1c7c5969ea
Merge pull request #5683 from paul-elliott-arm/fix_pk_test
Prevent free of uninitialised MPI  variables
2022-04-04 17:51:49 +02:00
Przemek Stekiel
a9f9335ee9 ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check
This check can be removed as if the buffer is too small for the key, then export will fail.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-04 17:32:30 +02:00
Gilles Peskine
c82f62e3a5
Merge pull request #4907 from gilles-peskine-arm/config-baremetal-size-3.0
Disable debugging features in the primary code size measurement job
2022-04-04 16:12:58 +02:00
Thomas Daubney
f38c8c6459 Adds test data for insufficient memory case
This commit adds tests data for the encrypt setup function
to cover the case where there is insufficent memory when
trying to undertake the operation.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
30583c3e92 Adds test data for fallback test
Commit adds test data needed to test the case where driver
does not support selected algorithm but the library does.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
5e896d914a Adds test data for encrypt setup test case
This commit adds a positive test case for the
encrypt setup function test.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
d610191ad6 Adds driver dispatch test for M-AEAD encryption setup
This commit adds a test called aead_encrypt_setup()
which tests that the relevant drivers get called the correct
amount of times when running the multipart AEAD encrypt
setup API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:10 +01:00
Janos Follath
3af3415d89 Fix LTS version in contributing guidelines
The LTS branch hasn't been updated in the contributing guidelines.
Deleting it instead of updating as the information is available at the
link above and deleting prevents similar mistakes in the future.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-04-04 10:46:58 +01:00
Neil Armstrong
e88d190f2e Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-04 11:27:57 +02:00
Neil Armstrong
f716a700a1 Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard
de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification
PK: RSA verification
2022-04-04 11:23:33 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations
HKDF 2: use internal implementations in TLS 1.3
2022-04-01 11:15:29 +02:00
Dave Rodgman
d7bdedc9f6
Merge pull request #5681 from daverodgman/migration
Update references to old Github organisation
2022-04-01 09:51:29 +01:00
Manuel Pégourié-Gonnard
451114fe42
Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
2022-04-01 10:04:56 +02:00
Paul Elliott
02758a51df Add tls CID tests
Add tests to test tls coneection id functionality, including the new
'own cid' accessor.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Ronald Cron
cbd7bfd30e ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
634d865d80 ssl-opt.sh: Fix "no TLS 1.3 server support" test check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
11218dda96 ssl_client.c: Fix unused parameter
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
bdb4f58cea Add and update documentation of some minor version fields
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:24:59 +02:00
Paul Elliott
ff59a34606 Prevent free of uninitialised variables
In an error case it was possible for mbedtls_mpi variables to be free'd
uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 17:14:13 +01:00
Ronald Cron
82c785fac3 Make handshake::min_minor_ver client only
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 15:44:41 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Neil Armstrong
91477a7964 Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
98f6f78a70 Update mbedtls_pk_wrap_as_opaque() documentation for ECDH derivation usage
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
b7b549aa71 Force server-side TLS1.2 for ECDH- Opaque PK key test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
1335222f13 Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
f788253ed3 Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
023bf8d7c2 Add ECDH- Opaque PK key test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
80325d00cf Allow ECDSA PK Opaque keys for ECDH Derivation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
104a7c1d29 Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
8113d25d1e Add ecdh_psa_shared_key flag to protect PSA privkey if imported
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
5cd5f76d67 Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
4f33fbc7e9 Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
306d6074b3 Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
062de7dd79 Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
1f4b39621b Implement PSA server-side ECDH-RSA/ECDSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Ronald Cron
6476726ce4 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Ronald Cron
ba120bb228 ssl_tls13_client.c: Fix ciphersuite final validation
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
8fdad9e534 ssl_tls12_client.c: Remove duplicate of ciphersuite validation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
757a2abfe2 ssl_client.c: Extend and export ciphersuite validation function
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
f735cf1f0f ssl_tls.c: Fix ciphersuite selection regarding protocol version
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00