Jerry Yu
2ff6ba1df0
Remove rsa_pss_rsae_sha256 support.
...
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 10:38:25 +08:00
Jerry Yu
782720787f
Refactor write_certificate_verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:28:13 +08:00
Jerry Yu
2124d05e06
Add sha384 and sha512 case
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92
Add non support sig alg check and test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
c8d8d4e01a
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c
add rsa_pss_rsae_sha256 write support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
3391ac00d3
fix various issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5
Change state machine
...
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
537530d57a
Add certificate request echo
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
3e536442f5
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
7399d0d806
refactor write certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
32e0c2d526
fix server only build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
90f152dfac
fix psk only build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
8511f125af
Add certificteVerify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
5cc3506c9f
Add write certificate and client handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
566c781290
Add dummy state for client_certifiate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
fb4b6478ee
tls13_only: improve guards of files.
...
To improve readability of the preprocess guards.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Przemyslaw Stekiel
4b3fff43a8
Destroy ecdh_psa_privkey on HRR
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-15 08:53:26 +01:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
...
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
Xiaofei Bai
c234ecf695
Update mbedtls_ssl_handshake_free() and address review comments.
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 10:26:42 +00:00
Xiaofei Bai
51f515a503
update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 07:28:04 +00:00
Xiaofei Bai
f5b4d25cfa
Add received_sig_algs member to struct mbedtls_ssl_handshake_params
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-28 06:37:15 +00:00
Xiaofei Bai
82f0a9a1db
Rebase and address review comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-27 07:53:52 +00:00
XiaokangQian
0ece998287
Refine code in mbedtls_ssl_reset_transcript_for_hrr
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d
Change code base on comments
...
Change functions name
Change some comments
Improve hrr test case for gnutls
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81
Update code base on comments
...
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
0b56a8f85c
Replace curve_list with group_list and add update test scripts
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
Xiaofei Bai
69fcd39774
Update CertificateRequest tests and the parsing function
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:32:29 +00:00
Xiaofei Bai
a0ab777cfc
update based on comments.
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:31:54 +00:00
Xiaofei Bai
e1e344213a
Add TLS1.3 process certificate request
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:31:52 +00:00
Jerry Yu
24811fb2e0
replace check_sig_hash with is_offered
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
6106fdc085
fix build fail without TLS13
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
f017ee4203
merge write sig_alg of tls12 and tls13
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
# Conflicts:
# library/ssl_misc.h
2022-01-25 12:46:17 +08:00
Jerry Yu
2d0bd32982
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
08e2ceae18
Remove directly access for tls13_sig_algs
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00
Jerry Yu
f46b016058
skip some extensions if ephemeral not enabled
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 16:28:00 +08:00
Ronald Cron
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Manuel Pégourié-Gonnard
4525cce691
Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done
...
TLS1.3 MVP: Erase secrets when they are not necessary anymore.
2021-12-10 12:48:25 +01:00
Jerry Yu
4a2fa5d0aa
Move erase handshake secrets
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:37:14 +08:00
Jerry Yu
27224f58be
fix coding style issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
7ca3054795
move zerioize tls13_hs_secrets
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
2c70a39d97
move zeroize randbytes
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Jerry Yu
d103bdb01d
Clean randbytes
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:33:27 +08:00
Ronald Cron
d4c64027a5
tls13: Move state transition after sending CCS to ssl_tls13_client.c
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
49ad6197ca
Add injection of dummy's ChangeCipherSpec for middlebox compatibility
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Xiaofei Bai
d25fab6f79
Update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Xiaofei Bai
6dc90da740
Rebased on 74217ee
and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:12:43 +00:00
Xiaofei Bai
eef150418f
Fix variable names in ssl_tls13_generic/client.c
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Xiaofei Bai
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
XiaokangQian
4d2329fd8a
Change code based on reviews
...
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-25 02:21:16 +00:00
XiaokangQian
a83014db4a
TLS1.3: Add signature scheme pkcs1 v1.5
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-25 02:21:16 +00:00
Gilles Peskine
e2d707fea5
Merge pull request #4866 from gabor-mezei-arm/3649_move_constant_time_functions_into_separate_module
...
Move constant-time functions into a separate module
2021-11-24 19:33:00 +01:00
Gabor Mezei
685472bfb6
Update function name
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-24 11:17:36 +01:00
XiaokangQian
82d34ccf47
Add signature scheme rsa pss
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
Jerry Yu
cfe64f0b24
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-17 16:03:06 +08:00
Jerry Yu
378254d3e3
Implement handshake wrapup
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-17 16:03:06 +08:00
XiaokangQian
9ec8fcfddd
Improve failure messag for calculating verify data
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-15 08:24:08 +00:00
XiaokangQian
dce82245ac
Fix the compile issue about prepare message
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-15 06:01:26 +00:00
XiaokangQian
0fa6643eb5
Align coding stles and remove useless code
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-15 03:37:11 +00:00
XiaokangQian
35dc625e37
Move the location of functions
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-15 03:37:11 +00:00
XiaokangQian
8773aa0da9
Align coding styles in generic for client finish
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-15 03:37:11 +00:00
XiaokangQian
cc90c94413
Rebase and change code
...
Solve conflicts.
Rename functions
Align coding style
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-15 03:37:11 +00:00
XiaokangQian
e1655e4db8
Change naming styles and fix ci failure
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-15 03:37:11 +00:00
XiaokangQian
eab1023dbf
Fix some compiling errors for name mismatch
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-15 03:37:11 +00:00
XiaokangQian
74af2a827e
TLS1.3: Add client finish processing in client side
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-15 03:37:11 +00:00
XiaokangQian
a4c99f2c2d
Remove useless blank line
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-11 06:46:35 +00:00
XiaokangQian
c13f935c05
Align code styles of indent and so on
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-11 06:13:22 +00:00
XiaokangQian
3306284776
Change code base on comments
...
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-11 03:37:45 +00:00
XiaokangQian
d0aa3e9307
Inprove code base on review comments
...
Change debug messag for server finished.
Change name of generate_application_keys.
Remove the client vertificate tests from ssl-opt.sh.
Add test strings for server finished in ssl-opt.sh.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 06:17:40 +00:00
XiaokangQian
aaa0e197a8
Change the alignment and names of functions and a macro
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 03:07:04 +00:00
XiaokangQian
c5c39d5800
Change code for styles and comments .etc
...
Remove useless code in union.
Rename functions and parameters.
Move definitions into othe files.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
44c38f7e36
Chande debug message in finished and rename finalize functions
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
ac0385c08f
Change code based on comments
...
Move set_state function into client
Add back export_key callback function in generate
application keys
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
8903bd97b0
Change some naming style issues and remove useless code
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
1aef02ee20
Fix initialized issues and remove useless code
...
Fix the variable not inialized issue, remove the client
certificate related code, remove early data related code.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
61bdbbc18b
Add cleanup in functions for secure reason
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
a763498490
Change code based on commetns
...
Focus on the code style, naming rule,etc.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
4cab0240c7
Change coding style
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
aa5f5c1f5d
TLS1.3: Add server finish processing in client side
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:22 +00:00
Jerry Yu
5398c10b89
Add return value check for cerificate verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-05 13:32:38 +08:00
Jerry Yu
6f87f2521c
Refactor ssl_tls13_parse_certificate_verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 20:15:03 +08:00
Jerry Yu
d0fc585b7e
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
0b32c502a4
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
da8cdf2fa9
Remove certificate_verify_coordinate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
982d9e5db2
Add ssl_tls13_sig_alg_is_offered
...
To keep consistent with cipher_suite check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
133690ccef
Refactor hash computation
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
26c2d11802
Fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
30b071cb66
tls13:Add certificate verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Xiaofei Bai
f93cbd2674
fix some format issues
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-29 02:39:30 +00:00
Jerry Yu
b640bf6c15
fix CI build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 10:05:32 +08:00
Jerry Yu
83bb13101a
fix format warning
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-28 22:16:33 +08:00
Jerry Yu
7aa7186022
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-28 21:41:30 +08:00
Xiaofei Bai
ff45602c74
Add local variable verify_result
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-28 21:28:08 +08:00
Xiaofei Bai
10aeec0685
Fix a build error
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-28 21:28:08 +08:00
Xiaofei Bai
79595acf3f
Update based on review comments.
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-28 21:28:08 +08:00
Xiaofei Bai
947571efff
add tls1_3 read certificate
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-28 21:28:08 +08:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
...
TLS 1.3: ServerHello: add utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012 ) thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
XiaokangQian
05420b120b
TLS1.3: Add useful comments based on RFC8446
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 06:15:18 +00:00
XiaokangQian
16c61aa738
TLS1.3: Alignment coding styles based on comments
...
Fix kinds of alignment issues in fetch handshake messages.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 02:14:23 +00:00
XiaokangQian
6b226b0874
Add fetch_hand_message in generic
...
This function is one common function in generic file, get it from
the encrypted extension and submit one patch independently.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 02:14:23 +00:00
Jerry Yu
4836952f9d
fix tls1_3 prefix issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
7bea4bac96
tls13: add checksum of handshake message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
b60e3cf424
fix various issues
...
- format problems
- name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 16:41:02 +08:00
Jerry Yu
7236994aa9
add signature algorithms extension
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
7533635e5a
Change dummy extension return
...
With error return, server can not receive
Client Hello message.
If received , we can test current status.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
dbfb7bd873
fix various issues
...
- wrong cipher suite filter condition
- name conversion
- format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-04 10:00:02 +08:00
Jerry Yu
2c0fbf3405
modify proc_chk macros
...
- change the parameter
- remove debug output
- remove return value modify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
0c63af6ed6
fix comment issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
1bc2c1f1a3
fix various issues
...
fix comments, format and name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
e41dec0158
Rename write signature algorithms function
...
To keep similar name with other place.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
eecfbf001c
fix format issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
f443681f56
fix function name conversion issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
2ac64193ad
Apply MBEDTLS_PUT_xyz
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
bc20bdd3a9
Implement write_partial with dummy exts
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
c8a392c47e
Implement stages except write_partial
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
65dd2ccfe6
Add dummy stages for client_hello_process
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00