Jerry Yu
42ea733fdc
remove RSA not found test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c
add rsa_pss_rsae_sha256 write support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
37987ddd0f
Add test cases
...
Add test cases for different sig algs.
Known issue is rsa_pss_rsae_sha256 fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
3391ac00d3
fix various issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5
Change state machine
...
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
537530d57a
Add certificate request echo
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
3e536442f5
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
a23b9d954c
fix undefine error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
22abd06cd0
Add rsa key check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
aa6214a571
add empty client certificate tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
7399d0d806
refactor write certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
1bb5a1ffe3
Implement received sig_algs check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
32e0c2d526
fix server only build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
90f152dfac
fix psk only build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
72637c734b
fix write certificate fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
c19884f487
change expect exit value
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
25e0ddcf47
Add client certificate file
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
8511f125af
Add certificteVerify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
5cc3506c9f
Add write certificate and client handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
200b47b8f5
Add more tests for CertificateRequest
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
566c781290
Add dummy state for client_certifiate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
960bc28bcc
Add tests for no middlebox mode
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:57 +08:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1
...
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa
...
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
2022-02-21 16:58:57 +01:00
Gabor Mezei
4fded1359a
Use PSA_INIT()
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:47:24 +01:00
Gabor Mezei
d860e0f18b
Add comment
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
Gabor Mezei
0e7c6f4961
Check return value of psa_destroy_key
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
Gabor Mezei
26c6741c58
Add better name for variable.
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
Gabor Mezei
320d21cecf
Update documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
Gabor Mezei
c5efb8e58b
Use PSA error code
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:38 +01:00
Gabor Mezei
5d7d201b87
Update test
...
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:33 +01:00
Gabor Mezei
ebc9368173
typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:44:51 +01:00
Gabor Mezei
298a2d6109
Use ASSERT_ALLOC
...
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:43:52 +01:00
Gabor Mezei
89c1a95f8f
Delete leftover code
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:59 +01:00
Gabor Mezei
b1f53976ee
Add documentation for mbedtls_psa_hkdf_extract
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:59 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible
...
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:57 +01:00
Gabor Mezei
73cb6f54de
Add tests for mbedtls_psa_hkdf_extrct
...
The tests are based on the the test of mbedtls_hkdf_extract.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:41:42 +01:00
Gabor Mezei
9f4bb319c9
Implement HKDF extract in TLS 1.3 based on PSA HMAC
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:23:29 +01:00
Gilles Peskine
57bf02bd58
ssl_conf_{min,max}_version documentation: update for 1.3 and improve
...
Mention that TLS 1.3 is supported, in addition to (D)TLS 1.2.
Improve and clarify the documentation. In particular, emphasise that the
minor version numbers are the internal numbers which are off by one from the
human numbers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
ce4f00de69
Reference get_version_number from the conf_xxx_version documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
d44e050339
get_version_number documentation: explicitly mention VERSION_UNKNOWN
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
860429f8af
Add version number debug check to the GnuTLS interop test as well
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
9cb08822a1
Minor clarification
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
ded2a42ac1
Use a union instead of casts
...
Same intended semantics, no casts.
Limitation: this doesn't work on architectures where
sizeof(uintptr_t) < sizeof(void*), which is somewhat weird but possible if
pointers contain redundant information.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
1e265d2e68
Fix swapped documentation of set_user_data_{n,p}
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
49d7ddf7f3
Serializing a context does not save the user data
...
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
80dae04f24
Make user_data fields private
...
Add accessor functions.
Add unit tests for the accessor functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
66971f8ab1
Add prototype for automatically generated debug helper
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15
Fix mbedtls_ssl_get_version() for TLSv1.3
...
Test it in ssl-opt.sh.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
1255b0de98
Positive unit testing for SSL context version functions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00