Przemek Stekiel
46b2d2b643
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-07 09:34:17 +02:00
Przemek Stekiel
615cbcdbdf
Provide additional comments for claryfication
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:39 +02:00
Przemek Stekiel
7ac93bea8c
Adapt names: dh -> xxdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
6f199859b6
Adapt handshake fields to ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
...
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
Przemek Stekiel
7dda271c1d
Fix description of functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-28 09:16:08 +02:00
Tom Cosgrove
db041cc82f
Merge pull request #7665 from AndrzejKurek/optimize-error-translation-code-size
...
Optimize error translation code size
2023-06-28 08:09:00 +01:00
Valerio Setti
6835b4a6ed
tls: always zeroize buffer on exit
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-22 09:06:31 +02:00
Valerio Setti
3589a4c644
tls: keep buffer declaration in a single line
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-22 09:02:44 +02:00
Valerio Setti
b46217d5c1
tls: never destroy a priavte key that is not owned/created by TLS module
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 13:18:52 +02:00
Valerio Setti
0813b6f28d
tls: optimize code in ssl_get_ecdh_params_from_cert()
...
When MBEDTLS_PK_USE_PSA_EC_DATA is defined, opaque and non-opaque keys
are basically stored in the same way (only a diffferent ownership for
the key itself), so they should be treated similarly in the code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:18:53 +02:00
Andrzej Kurek
1e4a030b00
Fix wrong array size calculation in error translation code
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:47 -04:00
Andrzej Kurek
1c7a99856f
Add missing ifdefs
...
Make sure that the error translating functions
are only defined when they're used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:47 -04:00
Andrzej Kurek
0064484a70
Optimize error translation code size
...
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:46 -04:00
Przemek Stekiel
75a5a9c205
Code cleanup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Przemek Stekiel
da4fba64b8
Further code optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
24e50d3dbd
Compile out length check to silent the compiler warning
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Manuel Pégourié-Gonnard
6076f4124a
Remove hash_info.[ch]
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
8857984b2f
Replace hash_info macro with MD macro
...
Now the MD macro also accounts for PSA-only hashes.
Just a search-and-replace, plus manually removing the definition in
hash_info.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
7b1136836c
Merge pull request #7438 from valeriosetti/issue7074
...
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
2023-06-01 10:06:45 +02:00
Valerio Setti
d0405093d9
tls: use pk_get_group_id() instead of directly accessing PK's structure
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-24 16:02:32 +02:00
Thomas Daubney
f9f0ba8211
Use functions in alignment.h to get value
...
Refactor code using get functions from alignment.h to
read values.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-05-24 06:24:16 +01:00
Valerio Setti
972077820b
tls/x509: minor enhancement for using the new private key format
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-23 15:12:07 +02:00
Valerio Setti
3f00b84dd1
pk: fix build issues
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 12:57:06 +02:00
Valerio Setti
77a75685ed
pk: align library and tests code to the new internal functions
...
Note = programs are not aligned to this change because:
- the original mbedtls_pk_ec is not ufficially deprecated
- that function is used in tests when ECP_C is defined, so
the legacy version of that function is available in that
case
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 11:18:46 +02:00
Valerio Setti
4f387ef277
pk: use better naming for the new key ID field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:59:32 +02:00
Valerio Setti
048cd44f77
pk: fix library code for using the new opaque key solution
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:59:32 +02:00
Ronald Cron
fe01ec2d57
tls12: srv: Use sizeof() instead of constant
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
c564938180
Add downgrade protection mechanism
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
6291b23080
tls: Add logic in handshake step to enable server version negotiation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Valerio Setti
77a904c761
ssl: remove useless guard
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
1fa5c56863
ssl_tls: fix guard symbols for EC accelerated tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Tom Cosgrove
6ef9bb3d74
Implement and use MBEDTLS_STATIC_ASSERT()
...
Fixes #3693
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 14:19:51 +00:00
Andrzej Kurek
8a045ce5e6
Unify PSA to Mbed TLS error translation
...
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:44 -05:00
Manuel Pégourié-Gonnard
b8b07aa24a
Handle errors from functions that now return int
...
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.
This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Gilles Peskine
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Valerio Setti
1e868ccbac
fix several typos and extra blank spaces
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 17:59:46 +01:00
Valerio Setti
2b5d3ded1f
remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 11:04:52 +01:00
Valerio Setti
40d9ca907b
tls: remove useless legacy function
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 16:08:04 +01:00
Valerio Setti
18c9fed857
tls: remove dependency from mbedtls_ecp_curve functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:34 +01:00
Jerry Yu
ac5ca5a0ea
Refactor cookie members of handshake struct
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:45 +08:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
...
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
...
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Valerio Setti
819de86895
tls: removed extra white spaces and other minor fix
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:05:19 +01:00
Valerio Setti
6b3dab03b5
tls: psa_pake: use a single function for round one and two in key exchange read/write
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 17:14:54 +01:00
Valerio Setti
9bed8ec5d8
tls: psa_pake: make round two reading function symmatric to the writing one
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:36:19 +01:00
Valerio Setti
a988364767
tls: psa_pake: fix missing new round one parsing function on tls12 server
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:35:02 +01:00
Valerio Setti
a08b1a40a0
tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
...
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:34:59 +01:00
Paul Elliott
96a0fd951f
Fix signature algorithms list entry getting overwritten by length.
...
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Valerio Setti
6f1b5741ae
tls12: psa_pake: simplify EC info parsing in server's 2nd round
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:50:13 +01:00