1790 commits

Author	SHA1	Message	Date
Dave Rodgman	90af1a10ab	Merge pull request #6734 from daverodgman/fix_test_dep_spelling ... Fix spelling of test dependency	2022-12-07 09:06:29 +00:00
Dave Rodgman	556e8a3219	Fix additional mis-spelling ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-12-06 16:31:25 +00:00
Jerry Yu	6ee56aa18f	Add default values for conf->*early_data* ... - early_data default to disable - max_early_data_size default to built-in value Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-06 18:00:47 +08:00
Jerry Yu	39da9857df	remove limitation of max_early_data_size ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-06 16:58:36 +08:00
Jerry Yu	12c46bd14f	fix various issues ... - disable reuse of max_early_data_size. - make conf_early_data available for server. - various comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-06 11:02:51 +08:00
Jerry Yu	cc4e007ff6	Add max_early_data_size to mbedtls_ssl_config ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-01 23:11:48 +08:00
Jerry Yu	3d9b590f02	guards transform_earlydata ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Manuel Pégourié-Gonnard	ef25a99f20	Merge pull request #6533 from valeriosetti/issue5847 ... Use PSA EC-JPAKE in TLS (1.2) - Part 2	2022-11-23 13:27:30 +01:00
Valerio Setti	99d88c1ab4	tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-22 16:03:43 +01:00
Valerio Setti	d4a9b1ab8d	tls: psa_pake: remove useless defines and fix a comment ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-22 11:11:10 +01:00
Valerio Setti	79f6b6bb1b	tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round() ... It might happen that the psa_pake_output() function returns elements which are not exactly 32 or 65 bytes as expected, but 1 bytes less. As a consequence, insted of hardcoding the expected value for the length in the output buffer, we write the correct one as obtained from psa_pake_output() Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-21 14:17:03 +01:00
Jerry Yu	1fb3299ad7	Replace internal usage of is_handshake_over. ... NEW_SESSION_TICKETS* are processed in handshake_step. Change the stop condition from `mbedtls_ssl_is_handshake_over` to directly check. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Jerry Yu	5ed73ff6de	Add NEW_SESSION_TICKET* into handshake over states ... All state list after HANDSHAKE_OVER as is_handshakeover Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Jerry Yu	6848a61922	Revert "Replace internal usage of mbedtls_ssl_is_handshake_over" ... This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Jerry Yu	e219c11b4e	Replace internal usage of mbedtls_ssl_is_handshake_over ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Valerio Setti	61ea17d30a	tls: psa_pake: fix return values in parse functions ... Ensure they all belong to the MBEDTLS_ERR_SSL_* group Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-18 12:11:00 +01:00
Valerio Setti	aca21b717c	tls: psa_pake: enforce not empty passwords ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 18:20:50 +01:00
Valerio Setti	819de86895	tls: removed extra white spaces and other minor fix ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 18:05:19 +01:00
Valerio Setti	6b3dab03b5	tls: psa_pake: use a single function for round one and two in key exchange read/write ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 17:14:54 +01:00
Valerio Setti	9bed8ec5d8	tls: psa_pake: make round two reading function symmatric to the writing one ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:36:19 +01:00
Valerio Setti	30ebe11f86	tls: psa_pake: add a check on read size on both rounds ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:35:02 +01:00
Valerio Setti	a08b1a40a0	tls: psa_pake: move move key exchange read/write functions to ssl_tls.c ... Inlined functions might cause the compiled code to have different sizes depending on the usage and this not acceptable in some cases. Therefore read/write functions used in the initial key exchange are moved to a standard C file. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:34:59 +01:00
Valerio Setti	02c25b5f83	tls12: psa_pake: use common code for parsing/writing round one and round two data ... Share a common parsing code for both server and client for parsing round one and two. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-16 13:56:12 +01:00
Paul Elliott	aeb8bf2ab0	Merge pull request #6170 from yuhaoth/pr/tls13-cleanup-extensions-parser ... TLS 1.3: Add extension check for message parsers	2022-11-11 19:00:46 +00:00
Jerry Yu	97be6a913e	fix various issues ... - typo error - replace `ssl->hanshake` with handshake Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-09 22:43:31 +08:00
Jerry Yu	7de2ff0310	Refactor extension list print ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 23:51:39 +08:00
Jerry Yu	79aa721ade	Rename ext print function and macro ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 23:51:39 +08:00
Jerry Yu	b95dd3683b	Add missing mask set and tls13 unrecognized extension ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 23:51:38 +08:00
Jerry Yu	ea52ed91cf	fix typo and spell issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 21:01:17 +08:00
Dave Rodgman	ae2635df6f	Merge pull request #6306 from tom-cosgrove-arm/issue-6305-fix ... Return an error from mbedtls_ssl_handshake_step() if neither client nor server	2022-11-08 10:54:17 +00:00
Neil Armstrong	ca7d506556	Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-08 10:58:45 +01:00
Gilles Peskine	bf249accc7	Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost ... BUG: Fix session resumption fail when hostname is not localhost	2022-11-07 17:33:38 +01:00
Jerry Yu	4b8f2f7266	Refactor sent extension message output ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:21 +08:00
Jerry Yu	d25cab0327	Refactor debug helpers for exts and hs message ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:21 +08:00
Dave Rodgman	29b9b2b699	Fix zeroization at NULL pointer ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-01 16:08:14 +00:00
Dave Rodgman	e8734d8a55	Apply suggestions from code review ... Two spelling fixes (changelog & a comment) Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-31 14:30:24 +00:00
Jerry Yu	7a485c1fdf	Add ext id and utilities ... - Remove `MBEDTLS_SSL_EXT_*` - Add macros and functions for translating iana identifer. - Add internal identity for extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	c4bf5d658e	fix various issues ... - Signature of - mbedtls_tls13_set_hs_sent_ext_mask - check_received_extension and issues - Also fix comment issue. - improve readablity. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	0c354a211b	introduce sent/recv extensions field ... And remove `extensions_present` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	def7ae4404	Add auth mode check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-30 17:57:06 +08:00
Ronald Cron	77e15e8a2c	Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory ... Internal and Open CI merge job ran successfully. Good to go.	2022-10-27 10:40:56 +02:00
Gilles Peskine	88f5fd9099	Merge pull request #6479 from AndrzejKurek/depends-py-no-psa ... Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts	2022-10-26 20:02:57 +02:00
Xiaokang Qian	72dbfef6e4	Improve coding styles ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-26 06:33:57 +00:00
Gilles Peskine	744fd37d23	Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 ... Fix unusual macros	2022-10-25 19:55:29 +02:00
Xiaokang Qian	72de95dcf5	Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-25 05:34:25 +00:00
Andrzej Kurek	409248a73a	mbedtls_ssl_get_handshake_transcript is unusable without hashes ... Mark unused variables when compiling without SHA256 and SHA384. In future a proper dependency will be added to TLS 1.2 to enforce either of these hashes to be on. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-24 15:56:10 -04:00
Andrzej Kurek	57d1063db9	Fix tls_prf generic dependencies ... One version was already surrounded by the USE_PSA define, so the VIA_XX_OR_XX macros were removed; Second version is when USE_PSA is undefined, so MBEDTLS_ macros can be used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-24 15:56:10 -04:00
Ronald Cron	73fe8df922	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED ... Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to guard TLS code (both 1.2 and 1.3) specific to handshakes involving PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	e68ab4f55e	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED ... Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to guard TLS code (both TLS 1.2 and 1.3) specific to handshakes involving certificates. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	41a443a68d	tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED ... Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard code specific to one of the TLS 1.3 key exchange mode with PSK. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00