Commit graph

9465 commits

Author SHA1 Message Date
Jerry Yu
4a698341c9 Re-org selected_identity parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
6183cc7470 Re-org binders writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f75364bee1 Re-organize identities writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8b41e893a2 fix various issues
- Re-order code and comments
  - move comment above `write_identities`
  - move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
19ae6f62c7 move ciphersuite validation to set_session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
25ab654781 Add dummy ticket support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
b300e3c5be add selected_identity parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
1a0a0f4416 Add binders writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f7c125917c Add identites writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
0c6105bc9e empty pre_shared_key functions
To easy review

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8897c07075 Add server only guards for psk callback
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Gilles Peskine
845de0898e
Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication
Montgomery multiplication from bignum prototype
2022-09-30 10:35:21 +02:00
Tom Cosgrove
6da3a3b15f Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 17:20:18 +01:00
Tom Cosgrove
4386ead662 Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 14:40:21 +01:00
Ronald Cron
77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases
TLS 1.3: Add PSK client cases
2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Xiaokang Qian
ca343ae280 Improve message logs and test cases description in psk
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-28 02:07:54 +00:00
Ronald Cron
c27a9074c4 tls13: server: Add comment when trying another sig alg
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 10:07:55 +02:00
Xiaokang Qian
cb6e96305f Change kex mode string name
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-27 08:02:41 +00:00
Ronald Cron
b72dac4ed7 Fix PSA identifier of RSA_PKCS1V15 signing algorithms
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 09:25:47 +02:00
Andrzej Kurek
b510cd2c50 Fix a copy-paste error - wrong macro used
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:50:22 -04:00
Andrzej Kurek
5603efd525 Improve readability and formatting
Also use a sizeof instead of a constant for zeroization, as
requested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:49:16 -04:00
Xiaokang Qian
5beec4b339 Refine ssl_get_kex_mode_str() for easy automatic generation
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-26 08:23:45 +00:00
Xiaokang Qian
ac8195f4f7 Fix wrongly kex mode fallback issue in psk cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-26 06:31:58 +00:00
Gilles Peskine
5596c74a98
Merge pull request #6140 from Zaya-dyno/validation_remove_change_auth_enc
Validation remove change auth enc
2022-09-23 17:04:31 +02:00
Gilles Peskine
12a1e85caa
Merge pull request #6138 from Zaya-dyno/validation_remove_change_key_agree
Validation remove change key agree
2022-09-23 17:04:20 +02:00
Gilles Peskine
87953f228f
Merge pull request #6091 from Zaya-dyno/validation_remove_change_pk
Validation remove change pk
2022-09-23 17:03:30 +02:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Xiaokang Qian
8939930b82 Rebase and fix some test failures
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
Xiaokang Qian
5001bfc619 Add key exchange mode log in client side
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
XiaokangQian
335cfaadf9 Finalize client side code for psk
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-09-23 01:48:26 +00:00
Jerry Yu
359e65f784 limit session ticket number when resumption
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:43 +08:00
Jerry Yu
f3bdf9dd51 fix various issues
- improve document about configuration item.
- format issue
- variable type issue.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:14 +08:00
Gilles Peskine
07ba2be20b
Merge pull request #6304 from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg
TLS 1.3: PSK: Exclude pre_shared_key for HRR
2022-09-22 10:21:06 +02:00
Manuel Pégourié-Gonnard
1475ac49a4
Merge pull request #6107 from Zaya-dyno/validation_remove_change_hash
Validation remove change hash
2022-09-22 09:24:44 +02:00
Manuel Pégourié-Gonnard
d5c82fb821
Merge pull request #6085 from Zaya-dyno/validation_remove_change_cipher
Validation remove and change in files related to cipher in library
2022-09-22 09:10:13 +02:00
Jerry Yu
b7e3fa7fbd move count decrement after success sent
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
Jerry Yu
d0766eca58 fix various issues
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
Tom Cosgrove
c573882674 Merge remote-tracking branch 'upstream/development' into issue-6015-montgomery-multiplication 2022-09-21 12:08:43 +01:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
Tom Cosgrove
4782823ec3 Ensure we explicitly document the modulus for fixed-width arithmetic
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:51:50 +01:00
Tom Cosgrove
b0b77e1b13 Document and test aliasing of the bignums given to mbedtls_mpi_core_mla()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:33:40 +01:00
Ronald Cron
067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
38391bf9b6 tls13: Do not impose minimum hash size for RSA PSS signatures
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.

We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:29:41 +02:00
Ronald Cron
67ea2543ed tls13: server: Add sig alg checks when selecting best certificate
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
Tom Cosgrove
ea45c1d2d4 Document and test aliasing of output for mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:17:51 +01:00
Jerry Yu
d4e7500a07 Enable multi session tickets on Server
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:24:03 +08:00
Jerry Yu
1ad7ace6b7 Add conf new session tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:22:21 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00