Commit graph

137 commits

Author SHA1 Message Date
Valerio Setti
18c9fed857 tls: remove dependency from mbedtls_ecp_curve functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:34 +01:00
Manuel Pégourié-Gonnard
4064a82802
Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake
Refactor cookie members of handshake
2022-12-14 10:55:34 +01:00
Tom Cosgrove
ed4f59eec3 Fix another typo where 'PSK' was 'PKS'
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-05 12:07:50 +00:00
Jerry Yu
e01304f6d8 fix type conversion issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:46 +08:00
Jerry Yu
ac5ca5a0ea Refactor cookie members of handshake struct
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:45 +08:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Valerio Setti
5151bdf46e tls: psa_pake: add missing braces
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-21 14:30:02 +01:00
Valerio Setti
61ea17d30a tls: psa_pake: fix return values in parse functions
Ensure they all belong to the MBEDTLS_ERR_SSL_* group

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-18 12:11:00 +01:00
Valerio Setti
6b3dab03b5 tls: psa_pake: use a single function for round one and two in key exchange read/write
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 17:14:54 +01:00
Valerio Setti
9bed8ec5d8 tls: psa_pake: make round two reading function symmatric to the writing one
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:36:19 +01:00
Valerio Setti
a08b1a40a0 tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:34:59 +01:00
Andrzej Kurek
ec71b0937f Introduce a test for single signature algorithm correctness
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-17 14:58:14 +00:00
Valerio Setti
02c25b5f83 tls12: psa_pake: use common code for parsing/writing round one and round two data
Share a common parsing code for both server and client for parsing
round one and two.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 13:56:12 +01:00
Dave Rodgman
d384b64dd2
Merge branch 'development' into rfc9146_2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-14 17:43:15 +00:00
Neil Armstrong
ca7d506556 Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-08 10:58:45 +01:00
Glenn Strauss
a4b4041219 Shared code to free x509 structs
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-28 12:51:35 -04:00
Gilles Peskine
88f5fd9099
Merge pull request #6479 from AndrzejKurek/depends-py-no-psa
Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts
2022-10-26 20:02:57 +02:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
Fix unusual macros
2022-10-25 19:55:29 +02:00
Andrzej Kurek
468c50656e Fix key exchange dependencies for ssl_parse_server_ecdh_params
Resulting from particular configs in which this code is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:55:18 -04:00
Ronald Cron
d29e13eb1b tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
David Horstmann
b21bbef061 Refactor macro-spanning if in ssl_tls12_client.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-06 18:00:51 +01:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Hannes Tschofenig
fd6cca4448 CID update to RFC 9146
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
2022-09-07 17:15:05 +02:00
Przemek Stekiel
40afdd2791 Make use of MBEDTLS_MAX_HASH_SIZE macro
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-06 14:18:45 +02:00
Andrzej Kurek
0ce592169e Use hash_info_get_size in ssl_tls12_client
This way the code does not rely on the MBEDTLS_MD_C define
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Dave Rodgman
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12
Add rsa pss rsae for tls12
2022-08-09 10:21:45 +01:00
Dave Rodgman
27036c9e28
Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments
Fix a/an typos in doxygen and other comments
2022-07-29 12:59:05 +01:00
Jerry Yu
c3bf748dc7 fix vertical alignment
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-29 10:27:17 +08:00
Jerry Yu
95b743ca17 Rename get_pk_type_and_md_alg
The function is for both tls12 and tls13 now.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
693a47ab1d add rsa_pss_rsae_* support in tls12
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Tom Cosgrove
ce7f18c00b Fix a/an typos in doxygen and other comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-28 05:50:56 +01:00
Thomas Daubney
20f89a9605 Remove uses of SSL compression
Remove or modify current uses of session compression.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:03 +01:00
Jerry Yu
a357cf4d4c Rename new_session_ticket state
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Andrzej Kurek
21b50808cd Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing
Use a more straightforward condition to note that session resumption
is happening.
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 03:26:55 -04:00
Glenn Strauss
bd10c4e2af Test accessors to config DN hints for cert request
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-29 02:54:28 -04:00
Manuel Pégourié-Gonnard
a3115dc0e6 Mark static int SSL functions CHECK_RETURN_CRITICAL
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:52 +02:00
Manuel Pégourié-Gonnard
66b0d61718 Add comments when can_do() is safe to use
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Andrzej Kurek
7cf872557a Rearrange the session resumption code
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-14 08:26:19 -04:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Neil Armstrong
8ecd66884f Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-05 14:01:49 +02:00
Neil Armstrong
80f6f32495 Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
61f237afb7 Remove PSA-only code dealing with non-opaque PSA key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Przemek Stekiel
99114f3084 Fix build flags for opaque/raw psk checks
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:34 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
f2534ba69b tls12_client: skip PMS generation for opaque RSA-PSK
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard
55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context
TLS ECDH 4: remove legacy context
2022-04-22 14:27:06 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Glenn Strauss
8315811ea7 Remove restrictive proto ver negotiation checks
Overly restrictive protocol version negotiation checks might be
"version intolerant".  TLS 1.3 and DTLS 1.3 move the version to
the "supported_versions" ClientHello extension.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Neil Armstrong
282750215c Remove PSA only code from non-PSA code block code in ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 15:05:11 +02:00
Neil Armstrong
11d4945248 Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 15:03:43 +02:00
Neil Armstrong
1f198d8dee Simplify by moving ssl_check_server_ecdh_params in the ECDHE non-PSA compile-time block
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 15:02:30 +02:00
Neil Armstrong
3ea01498d8 Store TLS1.2 ECDH point format only when USE_PSA_CRYPTO isn't selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 14:41:50 +02:00
Neil Armstrong
d8419ff390 Refactor to make PSA and non-PSA ECDH(E) client code exclusive
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 14:39:16 +02:00
Manuel Pégourié-Gonnard
927410ded3
Merge pull request #5611 from superna9999/5318-tls-ecdhe-psk
TLS ECDH 3a: ECDHE-PSK (both sides, 1.2)
2022-04-12 13:28:02 +02:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Neil Armstrong
e18ff952a7 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
b7ca76b652 Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fc834f2e2c Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
0bdb68a242 Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:52 +02:00
Neil Armstrong
d8420cad31 Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:52 +02:00
Neil Armstrong
c530aa6b4e Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:52 +02:00
Neil Armstrong
b9f319aec1 Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:51 +02:00
Neil Armstrong
2540045542 Update comments in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:07 +02:00
Neil Armstrong
bc5e8f9dd0 Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:07 +02:00
Neil Armstrong
868af821c9 Implement PSA client-side ECDHE-PSK
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:06 +02:00
Neil Armstrong
91477a7964 Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Ronald Cron
8fdad9e534 ssl_tls12_client.c: Remove duplicate of ciphersuite validation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
3cffc5ccb1 tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:59:44 +02:00
Ronald Cron
7320e6436b ssl_tls12_client.c: Switch to generic Client Hello state handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
4079abc7d1 ssl_client.c: Adapt extensions writing to the TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
d491c2d779 ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
12dcdf0d6e ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
4e263fd49c ssl_tls12_client.c: Simplify TLS version in encrypted PMS
This can only be TLS 1.2 now in this structure and when
adding support for TLS 1.2 or 1.3 version negotiation
the highest configured version can be TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
90915f2a21 ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version
ssl_tls12_client.c contains only TLS 1.2 specific
code thus remove some checks on the minor version
version being MBEDTLS_SSL_MINOR_VERSION_3. No aim
for completeness, ssl_parse_server_hello() is not
reworked here for example.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
de1adee51a Rename ssl_cli/srv.c
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Renamed from library/ssl_cli.c (Browse further)