mbedtls

Author	SHA1	Message	Date
XiaokangQian	318dc763a6	Fix test failure issue and update code styles Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 09:43:51 +00:00
XiaokangQian	0803755347	Update code base on review comments Refine named_group parsing Refine cipher_suites parsing Remove hrr related part Share code between client and server side Some code style changes Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:50:14 +00:00
XiaokangQian	cfd925f3e8	Fix comments and remove hrr related code Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	9b5d04b078	Share parse_key_share() between client and server Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	7ac3ab3404	Add hello retry request count for server Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
Ronald Cron	217d699d85	Fix Doxygen marks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:28:51 +02:00
Glenn Strauss	bbdc83b55b	Use mbedtls_ssl_protocol_version in public structs Use mbedtls_ssl_protocol_version in public structs, even when doing so results in a binary-incompatible change to the public structure (PR feedback from @ronald-cron-arm) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	cd78df6aa4	handshake->min_minor_ver to ->min_tls_version Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	e3af4cb72a	mbedtls_ssl_(read\|write)_version using tls_version remove use of MBEDTLS_SSL_MINOR_VERSION_* remove use of MBEDTLS_SSL_MAJOR_VERSION_* (only remaining use is in tests/suites/test_suite_ssl.data) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	60bfe60d0f	mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller. Reduce size of mbedtls_ssl_ciphersuite_t members are defined using integral types instead of enums in order to pack structure and reduce memory usage by internal ciphersuite_definitions[] Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:12 -04:00
Glenn Strauss	2dfcea2b9d	mbedtls_ssl_config min_tls_version, max_tls_version Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible on little-endian platforms, but is compatible on big-endian platforms. For systems supporting only TLSv1.2, the underlying values are the same (=> 3). New setter functions are more type-safe, taking argument as enum mbedtls_ssl_protocol_version: mbedtls_ssl_conf_max_tls_version() mbedtls_ssl_conf_min_tls_version() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:39:43 -04:00
Glenn Strauss	07c641605e	Rename mbedtls_ssl_transform minor_ver to tls_version Store the TLS version in tls_version instead of minor version number. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:23:54 -04:00
Neil Armstrong	769dc05597	Remove bad dependency on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED for ecdh_ctx guard Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-14 09:56:24 +02:00
Neil Armstrong	f3f46416e3	Remove ecdh_ctx variable, init & free when USE_PSA_CRYPTO isn't selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:43:39 +02:00
Manuel Pégourié-Gonnard	1b05aff3ad	Merge pull request #5624 from superna9999/5312-tls-server-ecdh TLS ECDH 3b: server-side static ECDH (1.2)	2022-04-07 11:46:25 +02:00
Przemek Stekiel	8583627ece	psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-05 10:50:53 +02:00
Neil Armstrong	f716a700a1	Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-04 11:23:46 +02:00
Ronald Cron	0e980e8e84	Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 TLS 1.2/1.3 version negotiation - 2	2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard	6a25159c69	Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations HKDF 2: use internal implementations in TLS 1.3	2022-04-01 11:15:29 +02:00
Ronald Cron	bdb4f58cea	Add and update documentation of some minor version fields Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:24:59 +02:00
Ronald Cron	82c785fac3	Make handshake::min_minor_ver client only Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 15:44:41 +02:00
Neil Armstrong	91477a7964	Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Neil Armstrong	8113d25d1e	Add ecdh_psa_shared_key flag to protect PSA privkey if imported Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Ronald Cron	f660655b84	TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e71639d39b	Simplify TLS major version default value setting Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	fbd9f99f10	ssl_tls.c: Move some client specific functions to ssl_client.c Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	4079abc7d1	ssl_client.c: Adapt extensions writing to the TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	11e1857f5e	ssl_client.c: Fix key share code guards In TLS 1.3 key sharing is not restricted to key exchange with certificate authentication. It happens in the PSK and ephemeral key exchange mode as well where there is no certificate authentication. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	d491c2d779	ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Gabor Mezei	cb5ef6a532	Remove duplicated includes Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:10:01 +02:00
Gabor Mezei	55c49a3335	Use proper macro guard Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:09:15 +02:00
Ronald Cron	86a477f5ee	ssl_client.c: Adapt initial version selection to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	3d580bf4bd	Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90f012037d	ssl_tls12_server.c: Simplify TLS version check in ClientHello The TLS server code only support TLS 1.2 thus simplify the check of the version proposed by the client. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4dcbca952e	ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the "if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive as it is specific to TLS 1.2. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	de1adee51a	Rename ssl_cli/srv.c Rename ssl_cli.c and ssl_srv.c to reflect the fact that they are TLS 1.2 specific now. Align there new names with the TLS 1.3 ones. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	63d97ad0bb	Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 Add rsae sha384 sha512	2022-03-29 14:01:51 +02:00
Gabor Mezei	5d9a1fe9e9	PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3 With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support is always enabled. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 15:47:15 +01:00
XiaokangQian	20438976f9	Change comments and styles base on review Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:09:29 +00:00
XiaokangQian	9b93c0dd8d	Change cookie parameters for dtls and tls 1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	25c9c9023c	Refine cookie len to fix compile issues Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
Jerry Yu	6c6f10265d	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-25 11:09:50 +08:00
Jerry Yu	e26acee896	Refactor guards for sig algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 21:01:33 +08:00
Jerry Yu	f8aa9a44aa	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 20:54:38 +08:00
Jerry Yu	8c3388620d	create sig_alg decode function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 13:34:04 +08:00
Jerry Yu	0c23fc39c3	fix various guards issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 12:20:01 +08:00
Jerry Yu	cef3f33012	Guard rsa sig algs with rsa_c and pkcs1_v{15,21} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 23:16:42 +08:00
Jerry Yu	3a58b462b6	add pss_rsae_sha{384,512} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Gabor Mezei	1bf075fffd	Use SSL error codes The `psa_ssl_status_to_mbedtls` function is not only used for cipher operations so transalte to TLS error codes. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Gabor Mezei	adfeadc6e5	Extend PSA error translation Add new error codes to the PSA to mbedtls error translation. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Manuel Pégourié-Gonnard	f4042f076b	Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac TLS record HMAC	2022-03-21 11:36:44 +01:00
Ronald Cron	8d7afc642c	Merge pull request #5523 from ronald-cron-arm/one-flush-output-development TLS 1.3: One flush output	2022-03-21 08:44:04 +01:00
Manuel Pégourié-Gonnard	10e5cdbbbf	Merge pull request #5454 from gstrauss/cert_cb-user_data server certificate selection callback	2022-03-10 11:51:42 +01:00
Ronald Cron	00d012f2be	Fix type of force_flush parameter Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	66dbf9118e	TLS 1.3: Do not send handshake data in handshake step handlers Send data (call to mbedtls_ssl_flush_output()) only from the loop over the handshake steps. That way, we do not have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE error code) on the network in handshake step handlers. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Manuel Pégourié-Gonnard	d815114f93	Merge pull request #5524 from mprse/tls_ecdh_2c TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)	2022-03-08 11:43:45 +01:00
Glenn Strauss	6989407261	Add accessor to retrieve SNI during handshake Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:53 -05:00
Neil Armstrong	cf8841a076	Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:49 +01:00
Neil Armstrong	39b8e7dde4	Add, Initialize & Free HMAC keys in mbedtls_ssl_transform Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-23 09:24:57 +01:00
Jerry Yu	3e536442f5	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	a23b9d954c	fix undefine error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	1bb5a1ffe3	Implement received sig_algs check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	90f152dfac	fix psk only build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	8511f125af	Add certificteVerify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	5cc3506c9f	Add write certificate and client handler Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	bef175db96	Wrap derive_keys with TLS1_2 option Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	7d2396332d	fix wrong setting of max_minor version Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c5aef88be6	tls13_only: guard ssl_{cli,srv}.c with TLS1_2 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c3091b1c8c	tls13_only: compile pass Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard	e14b644f4d	Merge pull request #5456 from mpg/cleanup-ecdh-psa Cleanup PSA-based ECDHE in TLS 1.2	2022-02-15 09:09:07 +01:00
Przemyslaw Stekiel	b15f33d496	Enable ecdh_psa_xxx fields in struct mbedtls_ssl_handshake_params for TLS 1.3 These fields need to be enabled for 1.3 even if MBEDTLS_USE_PSA_CRYPTO isn't (1.3 should always use PSA). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-10 15:24:27 +01:00
Manuel Pégourié-Gonnard	62b49cd06a	Merge pull request #5472 from yuhaoth/pr/move-client-auth Move client_auth to handshake	2022-02-09 10:57:00 +01:00
Ronald Cron	6ca6faa67e	Merge pull request #5080 from xffbai/add-tls13-read-certificate-request add tls1_3 read certificate request	2022-02-09 09:51:55 +01:00
Jerry Yu	5c7d1cce97	fix typo error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-08 21:08:29 +08:00
Jerry Yu	2d9a694088	change type of client_auth Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-08 21:07:10 +08:00
Xiaofei Bai	51f515a503	update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 07:28:04 +00:00
Jerry Yu	0ff8ac89f5	fix comments issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-08 10:10:48 +08:00
Przemyslaw Stekiel	8c010eb467	Fix comments, code style, remove debug code Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:24 +01:00
Manuel Pégourié-Gonnard	0d63b84fa4	Add mbedtls_ssl_check_curve_tls_id() (internal) This can be used to validate the server's choice of group in the PSA case (this will be done in the next commit). Note that new function doesn't depend on ECP_C, as it only requires mbedtls_ssl_get_groups(), which is always available. As a general rule, functions for defining and enforcing policy in the TLS module should not depend on low-level modules but work with TLS-level identifiers are much as possible, and this new function follows that principle. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Przemyslaw Stekiel	77aec8d181	Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel	89dad93a78	Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	e5c2238a99	Move mbedtls_ssl_cipher_to_psa() and psa_status_to_mbedtls() defs out of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED build flag Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	f57b45660d	Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. New function name: mbedtls_ssl_cipher_to_psa(). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	9b22c2b1e6	Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	6be9cf542f	Cleanup the code Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	e87475d834	Move psa_status_to_mbedtls to ssl_misc.h Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	8398a67e31	Fix description of the translation function Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	44187d7a3e	Extend mbedtls_ssl_transform struct for psa keys and alg Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	430f337b49	Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size. Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Xiaofei Bai	6d42bb430c	Update mbedtls_ssl_handshake_free() Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard	f7d704dbd2	Avoid dead code in some configurations Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-28 10:05:56 +01:00
Xiaofei Bai	f5b4d25cfa	Add received_sig_algs member to struct mbedtls_ssl_handshake_params Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-28 06:37:15 +00:00
Jerry Yu	fb28b88e26	move client_auth to handshake Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-28 11:05:58 +08:00
Xiaofei Bai	82f0a9a1db	Rebase and address review comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-27 07:53:52 +00:00
XiaokangQian	34909746df	Change cookie free code and some comments Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 02:25:04 +00:00
XiaokangQian	52da558103	Change code base on comments Align the alert type in parse_server_hello Remove MBEDTLS_SSL_COOKIE_C guard Enable cookie for both DTLS and TLS1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	78b1fa7e81	Update code base on comments Move reset transcript for hrr to generic Reset SHA256 or SHA384 other than both Rename message layer reset Add check log for hrr parse successfully Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	d9e068e10b	Change code based on comments Align coding styles Add hrr parameter for ssl_tls13_parse_server_hello Add reset steps for SHA384 in HRR Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	647719a172	Add hello retry request in client side Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:50:06 +00:00
Xiaofei Bai	69fcd39774	Update CertificateRequest tests and the parsing function Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:32:29 +00:00
Xiaofei Bai	a0ab777cfc	update based on comments. Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	e1e344213a	Add TLS1.3 process certificate request Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:52 +00:00
Jerry Yu	971988528d	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	8afd6e4308	fix typo issues in comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	eb821c6916	remove check_sig_hash Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	24811fb2e0	replace check_sig_hash with is_offered Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	1bab301c0d	Add signature algorithm supported check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	7ddc38cedb	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	4131ec1260	Add signature algorithm length check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	713013fa80	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	e12f1ddcfa	fix check names fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	6106fdc085	fix build fail without TLS13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	f017ee4203	merge write sig_alg of tls12 and tls13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> # Conflicts: # library/ssl_misc.h	2022-01-25 12:46:17 +08:00
Jerry Yu	2d0bd32982	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	afdfed16d0	add get sig_algs helper function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Manuel Pégourié-Gonnard	d2da19b8eb	Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO	2022-01-18 09:16:25 +01:00
Jerry Yu	f0fede56a6	minor performance improvement Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-12 10:57:47 +08:00
Jerry Yu	3ad14ac9e9	Add named group IANA value check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 17:13:16 +08:00
Andrzej Kurek	03e01461ad	Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO Fix library references, tests and programs. Testing is performed in the already present all.sh test. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-03 12:53:24 +01:00
Jerry Yu	136320ba0b	fix ci fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-21 17:09:00 +08:00
Jerry Yu	1ea9d10687	fix test_ref_configs build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-21 14:52:38 +08:00
Jerry Yu	1753261083	change write_supported_groups_ext prototype Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:32:09 +08:00
Jerry Yu	ba07342cd6	Add generic write_supported-groups_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:22:15 +08:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Ronald Cron	574ace48d8	Remove unnecessary blank line Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 10:27:25 +01:00
Ronald Cron	49ad6197ca	Add injection of dummy's ChangeCipherSpec for middlebox compatibility Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard	c38c1f2411	Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0 Reorder structure fields to maximize usage of immediate offset access	2021-12-09 12:54:09 +01:00
Gilles Peskine	cfe74a37b9	mbedtls_ssl_handshake_params: move ecrs_ctx back further "mbedtls_ssl_handshake_params: reorder fields to save code size" moved this filed earlier along with byte-sized fields that should be in the 128-element access window on Arm Thumb. This took away precious room in the 128-byte window. Move it back further out. Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT + MBEDTLS_ECP_RESTARTABLE): library/ssl_cli.o: 2860 -> 2816 (diff: 44) library/ssl_msg.o: 3080 -> 3076 (diff: 4) library/ssl_srv.o: 3340 -> 3300 (diff: 40) library/ssl_tls.o: 6546 -> 6478 (diff: 68) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-08 18:38:51 +01:00
Gilles Peskine	41139a2541	mbedtls_ssl_handshake_params: move group_list earlier to save code size Placing group_list earlier seems to help significantly, not just as a matter of placing it in the 128-element (512-byte) access window. Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build): library/ssl_cli.o: 19559 -> 19551 (diff: 8) library/ssl_msg.o: 24690 -> 24674 (diff: 16) library/ssl_srv.o: 20418 -> 20406 (diff: 12) library/ssl_tls.o: 20555 -> 20519 (diff: 36) library/ssl_tls13_client.o: 7244 -> 7240 (diff: 4) library/ssl_tls13_generic.o: 4693 -> 4697 (diff: -4) Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT + MBEDTLS_ECP_RESTARTABLE): library/ssl_cli.o: 2864 -> 2860 (diff: 4) library/ssl_tls.o: 6566 -> 6546 (diff: 20) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-08 18:26:55 +01:00
Xiaofei Bai	d25fab6f79	Update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 06:36:27 +00:00
Gilles Peskine	ec45c1e174	mbedtls_ssl_handshake_params: reorder fields to save code size Reorder fields mbedtls_ssl_handshake_params in order to save code on Arm Thumb builds. The general idea is to put often-used fields in the direct access window of 128 elements from the beginning of the structure. The reordering is a human selection based on a report of field offset and use counts, and informed by measuring the code size with various arrangements. Some notes: * This is the same reordering as the corresponding commit in #5189 for 2.2x. * I moved most byte-sized fields at the beginning where they're sure to be in the direct access window. * I moved buffering earlier because it can be around the threshold depending on the configuration, and it's accessed in a lot of places. * I moved several fields, including update_checksum and friends, early so that they're guaranteed to be in the early access window. Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build): library/ssl_cli.o: 19763 -> 19687 (diff: 76) library/ssl_msg.o: 24874 -> 24834 (diff: 40) library/ssl_srv.o: 20754 -> 20562 (diff: 192) library/ssl_tls.o: 21003 -> 20907 (diff: 96) library/ssl_tls13_client.o: 7284 -> 7272 (diff: 12) library/ssl_tls13_generic.o: 4749 -> 4721 (diff: 28) library/ssl_tls13_keys.o: 5133 -> 5077 (diff: 56) Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT + MBEDTLS_ECP_RESTARTABLE): library/ssl_cli.o: 3000 -> 2936 (diff: 64) library/ssl_msg.o: 3084 -> 3080 (diff: 4) library/ssl_srv.o: 3428 -> 3400 (diff: 28) library/ssl_tls.o: 6754 -> 6730 (diff: 24) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-29 12:18:09 +01:00
Gilles Peskine	55490d4e1f	mbedtls_ssl_handshake_params: use bytes for some small values Replace bitfields mbedtls_ssl_handshake_params by bytes. This saves some code size, and since the bitfields weren't group, this doesn't increase the RAM usage. Replace several ints that only store values in the range 0..255 by uint8_t. This can increase or decrease the code size depending on the architecture and on how the field is used. I chose changes that save code size on Arm Thumb builds and will save more after field reordering. Leave the bitfields in struct mbedtls_ssl_hs_buffer alone: replacing them by uint8_t slightly increases the code size. Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build): library/ssl_cli.o: 19759 -> 19763 (diff: -4) library/ssl_srv.o: 20790 -> 20754 (diff: 36) library/ssl_tls13_keys.o: 5153 -> 5133 (diff: 20) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-29 12:01:39 +01:00
Gilles Peskine	8716f17961	Tweak whitespace for readability Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-26 12:47:55 +01:00
Xiaofei Bai	89b526da3e	Fix some more variables names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
Xiaofei Bai	746f9481ea	Fix 1_3/13 usages in macros and function names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
Gabor Mezei	be7b21da22	Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module	2021-11-24 10:44:13 +01:00
Jerry Yu	a6e6c27bd3	Grouplize tls1_3 special functions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-17 17:54:13 +08:00
Jerry Yu	378254d3e3	Implement handshake wrapup Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-17 16:03:06 +08:00
XiaokangQian	cc90c94413	Rebase and change code Solve conflicts. Rename functions Align coding style Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 03:37:11 +00:00
XiaokangQian	57b2aff8a8	Align the union size Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 03:12:11 +00:00
XiaokangQian	aaa0e197a8	Change the alignment and names of functions and a macro Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 03:07:04 +00:00
XiaokangQian	c5c39d5800	Change code for styles and comments .etc Remove useless code in union. Rename functions and parameters. Move definitions into othe files. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	8903bd97b0	Change some naming style issues and remove useless code Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	f26f6ade0c	Rebase and solve conflicts Remove the double definition and change name Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	4cab0240c7	Change coding style Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	aa5f5c1f5d	TLS1.3: Add server finish processing in client side Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:22 +00:00
Ronald Cron	91fe315c69	Merge pull request #5134 from xffbai/add-hostname-ext TLS1.3 Add hostname extension	2021-11-09 12:28:14 +01:00
Ronald Cron	260f5d9413	Merge pull request #4953 from yuhaoth/pr/add-tls13-read-certificate-verfify TLS1.3: CertificateVerify:add tls13 read certificate verfify	2021-11-08 09:36:35 +01:00
Xiaofei Bai	15a56813a2	TLS1.3 Add hostname extention Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-05 10:52:12 +00:00

1 2 3 4 5 ...

346 commits