yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
24501 commits 1 branch 0 tags 94 MiB
Commit graph

10801 commits

Author SHA1 Message Date
Gabor Mezei
83669d910e
Add a testable function for ecp_mod_p192k1 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-13 12:44:37 +02:00
Dave Rodgman
22d9ff6d3c
Merge pull request #7353 from xkqian/tls13_fix_code_style 
Improve code styles for tls13 related files
 2023-04-11 09:18:22 +01:00
Gilles Peskine
5634f87d68
Merge pull request #7418 from xkqian/big_number_ecc_update_comment 
Update SEC1 link in ecp.c
 2023-04-11 09:34:07 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: misc improvements
 2023-04-11 09:30:40 +02:00
Manuel Pégourié-Gonnard
b16a50eeab
Merge pull request #7392 from valeriosetti/issue7388 
PK: use PSA to complete public key when USE_PSA is enabled
 2023-04-11 09:09:06 +02:00
Xiaokang Qian
49f39c1e91 Fix the wrong debug _message function to _ret 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
09c3cccf97 Update the todo comment of record size limits 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
8bce0e6f5e Update group ext debug message in ssl_tls13_server.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
91bb3f0665 Wrap lines in library/ssl_tls13_client.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
9f1747bb1f Wrap lines which exceed 80 chars in ssl_tls13_server.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:14 +00:00
Xiaokang Qian
958b6ffe98 Wrap lines which exceed 80 chars in ssl_tls13_client.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:27:52 +00:00
Xiaokang Qian
7343738695 Wrap lines which exceed 80 chars in ssl_tls13_generic.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:27:51 +00:00
Xiaokang Qian
123cde824c Improve code styles(line numbers) for tls13_key.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:27:51 +00:00
Xiaokang Qian
669c7c35f0 Update SEC1 link in ecp.c 
Old link doesn't work any more, update it to one
new link to refer version 2

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 07:36:35 +00:00
Pengyu Lv
e3746d7ce6 ssl_cache: Error renaming and document improvement 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-10 14:40:03 +08:00
Valerio Setti
520c0384e7 pkparse: fix return value 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 11:38:09 +02:00
Valerio Setti
1df94f841b pk: fix return codes' precedence and code style 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 11:04:32 +02:00
Manuel Pégourié-Gonnard
f740767c00
Merge pull request #7391 from valeriosetti/issue7387 
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
 2023-04-07 10:17:18 +02:00
Valerio Setti
9d65f0ef12 pk_wrap: simplify prototype of eckey_check_pair_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:53:17 +02:00
Valerio Setti
aad6306212 pkparse: fix guards position 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
4bf73ad83f pkparse: use proper sizing for buffer 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
34f6755b34 pkparse: add new function for deriving public key from private using PSA 
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
f286664069 pk_wrap: minor code optimizations 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:37:46 +02:00
Dave Rodgman
0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation 
TLS: TLS 1.2 / 1.3 version negotiation on server side
 2023-04-06 16:26:19 +01:00
Janos Follath
3615be65f8
Merge pull request #7342 from gabor-mezei-arm/6679_prevent_mpi_mod_write_from_corrupting_the_input 
Prevent mpi_mod_write from corrupting the input
 2023-04-06 15:56:28 +01:00
Janos Follath
44c6694be7
Merge pull request #7351 from gabor-mezei-arm/7109_ecp_fast_reduction_testing 
Test unlikely cases of ECC modular reduction
 2023-04-06 15:55:19 +01:00
Ronald Cron
dad02b2bec tls13: srv: Fix comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
fe01ec2d57 tls12: srv: Use sizeof() instead of constant 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
c564938180 Add downgrade protection mechanism 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
e45afd760d Use specific pointer to loop over proposed cipher suites 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:01 +02:00
Ronald Cron
eff5673e09 Improve and align variable names for supported versions data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
3bd2b02486 Check for TLS 1.3 version first 
Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
b828c7d3de Fix, improve and add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration 
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
6291b23080 tls: Add logic in handshake step to enable server version negotiation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
8a12aeec93 tls: Initialize SSL context tls_version in mbedtls_ssl_setup() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
5af4c7f0e2 tls13: srv: Add detection to negotiate TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
8c527d0be8 tls13: srv: Parse supported versions extension early 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
2f16b4ec66 tls13: srv: Postpone cipher suite selection 
Postpone TLS 1.3 cipher suite selection
when we are sure we negotiate the version
1.3 of the protocol.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
cada410365 tls13: srv: Postpone legacy session id copy 
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the legacy session id.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
d540d995b2 tls13: srv: Postpone client random copy 
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the client random
bytes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
6458239b36 tls13: srv: Move TLS version setting 
When parsing the ClientHello message,
move the setting of the TLS version
to TLS 1.3 after the computation of
the end of the list of cipher suites.
At that point we are able to compute
the address and end address of the
list of extensions and thus able to
search and parse the supported_versions
extension to select which version
of the TLS protocol we are going to
negotiate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
47dce630f4 tls13: Add function to search for a supported_versions extension 
Move in a dedicated function the search for the
supported_versions extension in a list of
extensions, to be able to use it on server side
as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Minos Galanakis
00bd8925a7 bignum: Removed merge scaffolding. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-05 16:13:11 +01:00
Janos Follath
13c73de6de
Merge pull request #6233 from tom-cosgrove-arm/issue-6226-core-mul 
Bignum: extract core_mul from the prototype
 2023-04-04 13:36:22 +01:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc 
PSA cryptography miscellaneous
 2023-04-04 10:54:03 +02:00
Valerio Setti
98680fc2ed ecp: revert changes to ECP module and test suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-04 10:22:59 +02:00
Valerio Setti
8eb552647f pk_wrap: fix sizing for private key buffer 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-04 10:20:53 +02:00
Gabor Mezei
d62605126d
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-03 17:32:55 +02:00