XiaokangQian
95d5f549f1
Fix coding styles
...
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 05:42:15 +00:00
Przemek Stekiel
1b0ebdf363
Zeroize hkdf_label buffer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-23 09:22:49 +02:00
Przemek Stekiel
38ab400dc4
Adapt code to be consistent with the existing code
...
- init status to error
- use simple assignment to status
- fix code style (spaces)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-23 09:05:40 +02:00
XiaokangQian
c740345c5b
Adress review comments
...
Change Code styles
Add test cases
Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-23 03:24:12 +00:00
Gabor Mezei
96ec831385
Do not encrypt CCS records
...
According to the TLS 1.3 standard the CCS records must be unencrypted.
When a record is not encrypted the counter, used in the dynamic IV
creation, is not incremented.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
Gabor Mezei
7b39bf178e
Send dummy change_cipher_spec records from TLS 1.3 server
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
XiaokangQian
acb3992251
Add ALPN extension to the server side
...
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-22 06:34:58 +00:00
Przemek Stekiel
d5ae365b97
Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00
Przemek Stekiel
88e7101d03
Remove mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_expand()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00
Manuel Pégourié-Gonnard
a82a8b9f4b
Mark internal int SSL functions CHECK_RETURN_CRITICAL
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:55 +02:00
Manuel Pégourié-Gonnard
a3115dc0e6
Mark static int SSL functions CHECK_RETURN_CRITICAL
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:52 +02:00
Manuel Pégourié-Gonnard
66b0d61718
Add comments when can_do() is safe to use
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
b64fb62ead
Fix unchecked return value from internal function
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Gilles Peskine
e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix
...
Add a client hello cookie_len overflow test
2022-06-20 19:35:54 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1
...
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
2022-06-20 15:27:46 +02:00
Werner Lewis
b3acb053fb
Add mbedtls_x509_dn_get_next function
...
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-17 16:40:55 +01:00
Ronald Cron
30c5a2520e
tls13: Fix certificate key usage checks
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-17 08:49:52 +02:00
Ronald Cron
ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name
...
Tls13 add server name
2022-06-16 08:30:09 +02:00
Andrzej Kurek
755ddff25c
Fix print format in a debug message
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-15 07:32:02 -04:00
Andrzej Kurek
cbe14ec967
Improve variable extracting operations by using MBEDTLS_GET macros
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-15 07:17:28 -04:00
XiaokangQian
75fe8c7e54
Change place of ssl_tls13_check_ephemeral_key_exchange
...
Change-Id: Id49172f7375e2a0771ad1216fb7eead808f0db3e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-15 09:42:45 +00:00
XiaokangQian
fb665a8452
Adress the comments about styles and pick_cert
...
Change-Id: Iee89a27aaea6ebc8eb01c6c9985487f081ef7343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-15 03:57:21 +00:00
Andrzej Kurek
7cf872557a
Rearrange the session resumption code
...
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-14 08:26:19 -04:00
Przemek Stekiel
69c4679b22
Adapt macro name to meet requested criteria: MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF->BUILTIN_ALG_ANY_HKDF
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-14 11:13:32 +02:00
XiaokangQian
07aad0710c
Refine function name ssl_tls13_pick_key_cert
...
Change-Id: I821e1485d9cfcca88fa3e18d345766ea48c64250
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-14 05:35:09 +00:00
XiaokangQian
81802f43a2
Select certificate base on the received signature list
...
Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-13 03:58:06 +00:00
Gilles Peskine
321a08944b
Fix bug whereby 0 was written as 0200 rather than 020100
...
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:33 +02:00
Gilles Peskine
ae25bb043c
Fix null pointer dereference in mpi_mod_int(0, 2)
...
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 19:32:46 +02:00
Przemek Stekiel
75fe3fb1d7
psa_crypto.c: add MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF macro to limit number of #if conditions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-09 14:44:55 +02:00
Andrzej Kurek
b58cf0d172
Split a debug message into two - for clarity
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:53:59 -04:00
Andrzej Kurek
078e9bcda6
Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:47:33 -04:00
Dave Rodgman
11930699f1
Merge pull request #5827 from wernerlewis/time_utc
...
Use ASN1 UTC tags for dates before 2000
2022-06-08 13:54:19 +01:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests
...
Pr/add-tls13-moving-state-tests
2022-06-08 13:39:52 +01:00
Manuel Pégourié-Gonnard
3a833271aa
Merge pull request #5727 from SiliconLabs/feature/PSEC-3207-TLS13-hashing-HMAC-to-PSA
...
Feature psec-3207 move TLS13 hashing and hmac to psa
2022-06-08 11:53:35 +02:00
XiaokangQian
96287d98d8
Remove the certificate key check against the received signature
...
Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-08 08:37:53 +00:00
pespacek
d9aaf768b5
Fixing CI complains.
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-06-08 09:44:11 +02:00
XiaokangQian
9850fa8e8d
Refine ssl_tls13_pick_cert()
...
Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-08 07:02:41 +00:00
pespacek
b06acd734b
Fixing PSA return status
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-06-07 13:07:21 +02:00
XiaokangQian
23c5be6b94
Enable SNI test for both tls12 and tls13
...
Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-07 09:43:13 +00:00
Ronald Cron
209cae9c42
tls13: server: Fix state update in CLIENT_CERTIFICATE
...
The state should be updated only if the handler
returns in success.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 10:58:22 +02:00
pespacek
670913f4dc
Fixing return value for ssl_tls13_write_certificate_body()
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-06-07 10:53:39 +02:00
Andrzej Kurek
cfb01948c8
Add cookie parsing tests to test_suite_ssl
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:29:15 -04:00
Andrzej Kurek
c8183cc492
Add missing sid_len in calculations of cookie sizes
...
This could lead to a potential buffer overread with small
MBEDTLS_SSL_IN_CONTENT_LEN.
Change the bound calculations so that it is apparent
what lengths and sizes are used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:28:56 -04:00
Gilles Peskine
364fd8bb71
More SSL debug messages for ClientHello parsing
...
In particular, be verbose when checking the ClientHello cookie in a possible
DTLS reconnection.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-06 14:25:41 -04:00
Dave Rodgman
5e03d9e601
Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support
...
Allow building as a subdir
2022-06-06 14:11:06 +01:00
Przemek Stekiel
b57a44bf9b
is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:43 +02:00
Przemek Stekiel
cde3f783f5
Make info valid only after secret for HKDF-EXPAND + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
0586f4c4ea
Make salt mandatory for HKDF-EXTRACT + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:25:43 +02:00
Przemek Stekiel
3e8249cde0
Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
a29b488296
Optimize code by adding PSA_ALG_IS_ANY_HKDF macro
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:09 +02:00
XiaokangQian
129aeb9b0e
Update test cases and support sni ca override
...
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-02 09:29:18 +00:00
Przemek Stekiel
459ee35062
Fix typo and style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-02 11:16:52 +02:00
Werner Lewis
acd01e58a3
Use ASN1 UTC tags for dates before 2000
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Gilles Peskine
8399cccd2e
Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access
...
Fix uninitialised memory access in constant time functions
2022-06-01 11:42:51 +02:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa
...
Deprecate mbedtls_cipher_setup_psa()
2022-05-31 10:56:52 +02:00
Jerry Yu
0a92d6c8eb
fix move state to handshake over fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Dave Rodgman
a3344f7bac
Merge pull request #5767 from leorosen/avoid-null-args
...
Avoid potentially passing NULL arguments
2022-05-30 11:40:21 +01:00
XiaokangQian
0557c94fef
Add back SNI related code to validate_certificate
...
Change-Id: I75883858016d4163cd7c64c3418eb3ca24fa46ea
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:10:53 +00:00
XiaokangQian
f2a942073e
Fix SNI test failure
...
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
9b2b7716b0
Change mbedtls_ssl_parse_server_name_ext base on comments
...
Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
40a3523eb7
Add support of server name extension to server side
...
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
e7a5da597f
Remove SNI related code
...
Change-Id: Ic44bdb27b1bdc5c9057078dfed936fc36bddebbe
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 00:59:29 +00:00
XiaokangQian
aca9048b5f
Change base on review
...
Fix comments
Add test cases for client authentication with empty certificate
Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
989f06d52d
Change some comments base on review
...
Change-Id: I3db2b8ca8162eb368d2f17dfeffee8b25f9edf6f
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
63e713e8ab
Fix comments
...
Change-Id: Ib741f876f4d296df79565a2b8a2971918db1a77f
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
c3017f620f
Remove useless guards and refine checking
...
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:10 +00:00
XiaokangQian
189ded2b07
Remove coordinate functions and change state machine in server side
...
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:46:13 +00:00
XiaokangQian
6b916b1616
Add client certificate parse and certificate verify
...
Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:40:53 +00:00
Dave Rodgman
a636d1f192
Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc
...
Enable static linking of the common runtime in MSVC
2022-05-25 14:47:58 +01:00
Dave Rodgman
32c995afa3
Merge pull request #5724 from Biswa96/cmake-mingw
...
cmake: Fix runtime library install location in mingw
2022-05-25 13:34:43 +01:00
Paul Elliott
8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup
...
TLS 1.3: Add Finished Message and wrapup
2022-05-25 12:02:06 +01:00
pespacek
3493587e05
FEATURE: mbedtls_md() in ssl_tls13_write_certificate_verify_body()
...
replaced withpsa_hash_compute()
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-05-23 13:10:48 +02:00
pespacek
a1378105cf
FEATURE: use psa_hash_xxx rather than mbedtls_md_xxx for TLS 1.3.
...
ssl_tls13_parse_certificate_verify()
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-05-23 13:10:47 +02:00
Manuel Pégourié-Gonnard
69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa
...
Permissions 1: create `mbedtls_pk_can_do_ext()`
2022-05-23 10:58:32 +02:00
Robert Shade
591e729b54
Allow building as a subdir
...
Fixes #5688
Signed-off-by: Robert Shade <robert.shade@gmail.com>
2022-05-21 12:55:12 -04:00
Neil Armstrong
81d391f773
Check when usage == 0 in mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:26:16 +02:00
Neil Armstrong
b80785f1a4
Comment typo fix in mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:25:55 +02:00
Gilles Peskine
e4d3a6a4e8
Merge pull request #5804 from superna9999/5797-remove-cipher-deps-tls
...
Remove Cipher dependencies in TLS
2022-05-19 21:02:12 +02:00
Paul Elliott
5260ce27ed
Fix uninitialised memory access in constant time functions
...
Fix an issue reported by Coverity whereby some constant time functions
called from the ssl decrypt code could potentially access uninitialised
memory.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-19 18:23:24 +01:00
Dave Rodgman
afe149d76e
Merge pull request #5846 from bootstrap-prime/development
...
Fix typos in documentation and constants with typo finding tool
2022-05-19 16:53:32 +01:00
Paul Elliott
4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small
...
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
2022-05-19 16:06:02 +01:00
Neil Armstrong
084338d336
Change mbedtls_pk_can_do_ext() usage test logic for opaque keys
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-19 16:22:40 +02:00
Przemek Stekiel
03d948c47f
Refacor code for HKDF-Extract algorithm
...
Solution provided by @mpg.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 11:45:20 +02:00
Przemek Stekiel
2fb0dcd403
psa_hkdf_input: use more suitable condition and add comments
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 10:34:37 +02:00
Jerry Yu
e3d67cb263
Improve readability
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 15:33:10 +08:00
Jerry Yu
fd5ea0458f
add compute application transform
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 14:29:48 +08:00
Jerry Yu
545432310d
remove zeorize from keys
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 11:23:25 +08:00
Jerry Yu
cc0a13fcf8
remove unnecessary empty line
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 10:14:24 +08:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool
...
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
2022-05-18 14:15:33 -04:00
Przemek Stekiel
b398d8693f
Update descryption of HKDF-Extract/Expand algs and fix comment
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-18 15:43:54 +02:00
Neil Armstrong
8395d7a37d
Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:24:34 +02:00
Neil Armstrong
0fa8ce3498
TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
b818e16b29
Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
e3b0b8ab67
Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
93617245c3
Code style fixes
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
689557ca12
Make CIPHER_C guard code as alternate of USE_PSA_CRYPTO in mbedtls_ssl_ciphersuite_get_cipher_key_bitlen()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
4f4f271850
In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
a8093f5c48
In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
801abb69a5
Provide a PSA definition of mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() when MBEDTLS_USE_PSA_CRYPTO is defined
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Jerry Yu
bb2d47d956
Remove not used state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
e8c1fca67c
move trafic set to generic
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
d6e253ded9
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
4d8567fa9e
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
03ed50ba6a
Add handshake wrapup
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
ff2269889d
Add client finished
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
27bdc7c6b6
Implement write server finish
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
69dd8d4091
tls13:finished:add dummy frame work
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Ronald Cron
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext
...
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
2022-05-17 17:01:55 +02:00
Paul Elliott
a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify
...
TLS1.3:Add Certificate and CertificateVerify message on Server Side
2022-05-17 15:47:36 +01:00
Paul Elliott
114203814a
Better check for NULL pointer
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-17 15:01:20 +01:00
Neil Armstrong
bbb8b75f20
Fixup comment of mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:58:27 +02:00
Neil Armstrong
408f6a60a3
Add usage parameter to mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:23:20 +02:00
Neil Armstrong
dab56ba2bd
Fix typo in mbedtls_pk_can_do_ext() code documentation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:56:55 +02:00
Gilles Peskine
3e56130fb9
psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted
...
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.
The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.
Fixes #5735 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:54 +02:00
Dave Rodgman
2a045325f9
Merge pull request #5766 from leorosen/fix-var-init
...
Add missing local variable initialization
2022-05-16 14:47:00 +01:00
Gilles Peskine
9b7e29663f
Merge pull request #4211 from ccawley2011/mingw
...
Fix compilation with MinGW32
2022-05-16 12:30:37 +02:00
Leonid Rozenboim
a3008e7e2e
Add missing local variable initialization
...
These issues were flagged by Coverity as instances where a local
variable may be used prior to being initialized. Please note that
none of these changes fixes any particular bug, this is just an attempt
to add more robustness.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-05-13 18:08:11 +01:00
Paul Elliott
dd428d3650
Fix incorrect error message
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-13 17:43:16 +01:00
Gabor Mezei
696956da24
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:19 +02:00
Gabor Mezei
0a4298bbe9
Remove unnecessary duble conversion
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:18 +02:00
Jerry Yu
b89125b81a
Add test without server certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-13 15:50:04 +08:00
Jerry Yu
23d1a256ec
fix hrr handler undefine fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 20:11:16 +08:00
Neil Armstrong
a88b15897d
Add implementation of mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-12 11:53:02 +02:00
Dave Rodgman
8b65420f42
Add comment
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-12 09:45:03 +01:00
Jerry Yu
5a26f3000d
Refactor cert exchange states
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Jerry Yu
f1c3c4e77c
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Jerry Yu
c6e6dbf2e7
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Jerry Yu
4ff9e14356
Add server certificate verfiy
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:14 +08:00
Jerry Yu
1bff711a36
tls13:server:add server certificate writing
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:14 +08:00
Jerry Yu
83da34eb59
tls13:server:add dummy write certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:14 +08:00
Andrzej Kurek
5c65c5781f
Fix additional misspellings found by codespell
...
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Gabor Mezei
86acf05b1e
Update signiture algorithm handling
...
Rename local variables and to simplify things use static_assert to
determine if the default signiture algorithms are not fit into the
SSL handshake structure.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
53a3b14823
Update documntation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
c1051b62aa
Remove MBEDTLS_SSL_SIG_ALG_SET
macro
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
3631cf693a
Rename signiture algorithm macros to better suite with TLS 1.2
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
24c7c2be08
Unify MBEDTLS_TLS_SIG_NONE
macro definition for TLS 1.2 and 1.3
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
a3d016ce41
Rename and rewrite mbedtls_ssl_sig_hash_set_find
function
...
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
1226590c88
Explicitly set invalid value for the end of the signiture algorithm set
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
15b95a6c52
Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3
...
Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm.
It is intended to use in common code of TLS 1.2 and 1.3.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
1a3be088bf
Reorder defines to use previous definitions
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
078e803d2c
Unify parsing of the signature algorithms extension
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:08 +02:00
Przemek Stekiel
17520fe2c5
PSA: Add support for HKDF-Extend and HKDF-Expand algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:17:03 +02:00
Manuel Pégourié-Gonnard
5479f5321a
Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk
...
RSA decrypt 1a: PK
2022-05-11 11:01:01 +02:00
Paul Elliott
d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request
...
TLS1.3: Add HelloRetryRequest Write
2022-05-10 17:25:33 +01:00
Dave Rodgman
4bfb007dcb
Handle platform differences in gmtime_s
...
MSVC and C11 specify different arguments and return value
meaning for gmtime_s.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-10 13:46:09 +01:00
Dave Rodgman
ad8dc480d4
Remove redundant comment
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-10 13:46:09 +01:00
Cameron Cawley
ea5496ceb3
Fix compilation with MinGW32
...
Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>
2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3
...
Fix undeclared dependencies: MD
2022-05-10 10:41:32 +02:00
Jerry Yu
f41553b662
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 22:20:30 +08:00
Manuel Pégourié-Gonnard
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks
...
Unify non-opaque and opaque PSKs
2022-05-09 10:15:16 +02:00
Jerry Yu
ead5cce22c
improve readability
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:58:50 +08:00
Jerry Yu
4ca9140d43
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:55:39 +08:00
Jerry Yu
66d9e6f405
refactor next state of client hello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:11 +08:00
Jerry Yu
4833056833
fix ci test fails
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:11 +08:00
Jerry Yu
7f157eb31f
Change alert message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:11 +08:00
Jerry Yu
b8ac19a296
send alert when second hrr needed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:09 +08:00
Jerry Yu
6a2cd9ebf5
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:08 +08:00
Jerry Yu
b0ac10b4a8
Refactor hrr key_share
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:06 +08:00
Jerry Yu
49ca92892d
refactor HRR routine
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:05 +08:00
Jerry Yu
086edc2807
refactor parse key_share ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:04 +08:00
Jerry Yu
fbe3e64b76
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:03 +08:00
Jerry Yu
c1be19f226
misc:minor improvement
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:01 +08:00
Jerry Yu
23f7a6fc5c
share write_body between HRR and ServerHello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:01 +08:00
Jerry Yu
582dd069b7
Add HRR handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:01 +08:00
Jerry Yu
fe24d1c9f5
add named group debug helper
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:00 +08:00
Jerry Yu
93a13f2c38
Share magic word of HRR
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:48:59 +08:00
Jerry Yu
67a2c37039
tls13:hrr:add empty frame work
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:48:59 +08:00
XiaokangQian
aad9b0a286
Update code base on comments
...
Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-09 01:11:21 +00:00
XiaokangQian
a987e1d2f8
Change state machine after encrypted extension and update cases
...
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
ec6efb98bc
Change variable name to output_len
...
Change-Id: I0f8a40da9782b2ec7af7e6f1faf1ac5c7e589418
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
cec9ae6259
Change the code places of CERTIFICATE_REQUEST
...
Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
45c22201b3
Update test cases and encrypted extension state set
...
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
2f150e184f
Update status and add test cases for client certificate request
...
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
1f1f1e3372
Temp change to align with client/server hello style
...
Change-Id: I8befbbcb5d6f7fdb230022825dcb856e19d9bec0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
9dc4450647
Fix commets issue about coding styles
...
Change-Id: I930a062e137562e0b129b9b9b191e5c864f8104d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
eaf3651e31
Rebase and solve conflicts
...
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext
Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
Xiaofei Bai
5ee73d84a9
Address review comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-05-07 01:37:04 +00:00
Xiaofei Bai
9ca09d497f
Add writing CertificateRequest msg on server side
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-05-07 01:37:04 +00:00
Pol Henarejos
b101cb6111
Since the group is unloaded for all curves, it is better to initialize the group also for all curves.
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-06 18:43:58 +02:00
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext
...
TLS1.3: add writing encrypted extensions on server side.
2022-05-06 13:54:45 +02:00
Przemek Stekiel
c1e41bb2b5
rsa.c: remove redundant include of md.h
...
rsa.c includes rsa.h that includes md.h
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 11:42:18 +02:00
Przemek Stekiel
ef1fb4a3d3
Deprecate mbedtls_cipher_setup_psa()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 10:55:10 +02:00
Jerry Yu
ef2b98a246
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-06 16:40:05 +08:00
Jerry Yu
f86eb75c58
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-06 11:16:55 +08:00
Pol Henarejos
aa68d36234
Fix order value for curve x448.
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-05 19:22:29 +02:00
Neil Armstrong
8ecd66884f
Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-05 14:01:49 +02:00
Jerry Yu
e110d258d9
Add set outbound transform
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-05 19:59:59 +08:00
Werner Lewis
e59a531455
Fix memcpy() UB in mbedtls_asn1_named_data()
...
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 11:45:06 +01:00
Neil Armstrong
80f6f32495
Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
044a32c4c6
Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
cd05f0b9e5
Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
e952a30d47
Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
61f237afb7
Remove PSA-only code dealing with non-opaque PSA key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
501c93220d
Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
b743d95051
Do not erase input key in psa_tls12_prf_psk_to_ms_set_key()
...
When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct
but the following derivations output data is incorrect.
This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key()
since commit 03faf5d2c1
.
Fixes: 03faf5d2c1
("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:06:22 +02:00
Neil Armstrong
30beca35f1
Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
...
Then mbedtls_pk_error_from_psa_rsa() also needs to be guarded with
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR to be used by pk_opaque_rsa_decrypt()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:02:37 +02:00
Jerry Yu
9da5e5a2f2
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 15:46:09 +08:00
Jerry Yu
de66d12afc
remove out couter reset
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 12:15:19 +08:00
Jerry Yu
39730a70cd
remove variable initial
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 12:14:04 +08:00