Commit graph

5443 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
3e0ea98b7c
Merge pull request #6451 from mpg/fix-can-exercise
Fix can_exercise() for RSA and hashes
2022-10-26 10:18:52 +02:00
Ronald Cron
571f1ff6dc Make sure TLS 1.2 kex macros are undefined in builds without TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674 Add TLS 1.3 key exchange mode config options
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.

These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:41:57 +02:00
Manuel Pégourié-Gonnard
98b91d40d6 RSA PKCS#1 v1.5 no longer depends on MD
This has been the case since
https://github.com/Mbed-TLS/mbedtls/pull/6065 which forgot to update the
documentation, and also is_builtin_calling_md(), so update those.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-19 10:59:30 +02:00
Dave Rodgman
f33da19dfb
Merge pull request #6413 from daverodgman/update_docs_links
Update documentation links
2022-10-14 17:42:48 +01:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
Add LMS implementation
2022-10-14 18:33:01 +02:00
Ronald Cron
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check
Add server name check when proposing pre-share key
2022-10-13 16:00:59 +02:00
Raef Coles
29c490db97
Update LMS calculate_public_key docs
To avoid the word "generate"

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:34 +01:00
Raef Coles
07b70d9196
Correct typo in LMS config check
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:28 +01:00
Raef Coles
1b43a7448d
Clean up LMS and LMOTS feature dependencies
Remove SHA256 dependencies from tests, fix incorrect boolean logic in
check_config, and change depends_hashes.pl to disable LMS in one test

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:26 +01:00
Raef Coles
3c4ae77fec
Improve LMS private context documentation
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:45 +01:00
Raef Coles
285d44b180
Capitalize "Merkle" in LMS and LMOTS code
As it is a proper noun

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:43 +01:00
Raef Coles
9b0daf60fb
Improve LMS private function warning
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:38 +01:00
Raef Coles
370cc43630
Make LMS public key export part of public key api
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:28 +01:00
Raef Coles
be3bdd8240
Rename LMS and LMOTS init/free functions
To match convention

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:18 +01:00
Raef Coles
2ac352a322
Make LMS functions args const where required
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:14 +01:00
Raef Coles
f6ddd51bfd
Sanitize LMS and LMOTS macros
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:13 +01:00
Raef Coles
5127e859d7
Update LMS and LMOTS dependency macros
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:11 +01:00
Raef Coles
56fe20a473
Move MBEDTLS_PRIVATE required defines into lms.h
From lmots.h, as it is a private header

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:10 +01:00
Raef Coles
ab300f15e8
Move public header content from lmots.h to lms.h
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:08 +01:00
Raef Coles
403558c1c9
Fix LMS function documentation
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:57 +01:00
Raef Coles
9b88ee5d5d
Fix LMS and LMOTS coding style violations
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:40 +01:00
Raef Coles
366d67d9af
Shorted LMS and LMOTS line-lengths
To attempt to comply with the 80-char suggestion

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:38 +01:00
Raef Coles
e9479a0264
Update LMS API to support multiple parameter sets
Parameterise macros to allow variation of sizes

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:36 +01:00
Raef Coles
ab4f87413a
Add MBEDTLS_LMS_PRIVATE define
To enable private key operations

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:35 +01:00
Raef Coles
01c71a17b3
Update LMS and LMOTS api
Fix function names and parameters. Move macros to be more private.
Update implementation.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:25 +01:00
Raef Coles
c8f9604d7b
Use PSA hashing for LMS and LMOTS
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:23 +01:00
Raef Coles
7dce69a27a
Make LMOTS a private api
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:22 +01:00
Raef Coles
2ad6e611f0
Update LMS/LMOTS documentation
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:20 +01:00
Raef Coles
0aa18e041f
Note that LMS sign function is for testing only
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:18 +01:00
Raef Coles
c464746d45
Document LMS and LMOTS contexts
And add some comments about the source of their type IDs

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:17 +01:00
Raef Coles
8ff6df538c
Add LMS implementation
Also an LM-OTS implementation as one is required for LMS.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:15 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Dave Rodgman
b319684bca Additional updates to docs links
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-12 16:47:08 +01:00
Xiaokang Qian
baa4764d77 Fix typo issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed3afcd6c3 Fix various typo and macro guards issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
03409290d2 Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
2f9efd3038 Address comments base on review
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:49 +00:00
Xiaokang Qian
bc663a0461 Refine code based on commnets
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname()
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:05:11 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Ronald Cron
78317c832b
Merge pull request #6327 from yuhaoth/pr/tls13-psk-after-session-tickets
TLS 1.3: PSK and NewSessionTicket: Add support for sending PSK and Ticket together.
2022-10-12 12:39:51 +02:00
Przemek Stekiel
d61a4d3d1a Fix missing guard and double-space
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-11 09:40:40 +02:00
Przemek Stekiel
52a428b824 Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 11:23:18 +02:00
Jerry Yu
8897c07075 Add server only guards for psk callback
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jan Bruckner
b33f6e5ee2 Fix typo
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-10-06 11:23:49 +02:00