yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20089 commits 1 branch 0 tags 94 MiB
Commit graph

8855 commits

Author SHA1 Message Date
Jerry Yu
fe24d1c9f5 add named group debug helper 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:00 +08:00
Jerry Yu
93a13f2c38 Share magic word of HRR 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:48:59 +08:00
Jerry Yu
67a2c37039 tls13:hrr:add empty frame work 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:48:59 +08:00
XiaokangQian
aad9b0a286 Update code base on comments 
Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-09 01:11:21 +00:00
XiaokangQian
a987e1d2f8 Change state machine after encrypted extension and update cases 
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
ec6efb98bc Change variable name to output_len 
Change-Id: I0f8a40da9782b2ec7af7e6f1faf1ac5c7e589418
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
cec9ae6259 Change the code places of CERTIFICATE_REQUEST 
Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
45c22201b3 Update test cases and encrypted extension state set 
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
2f150e184f Update status and add test cases for client certificate request 
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
1f1f1e3372 Temp change to align with client/server hello style 
Change-Id: I8befbbcb5d6f7fdb230022825dcb856e19d9bec0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
9dc4450647 Fix commets issue about coding styles 
Change-Id: I930a062e137562e0b129b9b9b191e5c864f8104d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian
eaf3651e31 Rebase and solve conflicts 
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext

Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
Xiaofei Bai
5ee73d84a9 Address review comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-05-07 01:37:04 +00:00
Xiaofei Bai
9ca09d497f Add writing CertificateRequest msg on server side 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-05-07 01:37:04 +00:00
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext 
TLS1.3: add writing encrypted extensions on server side.
 2022-05-06 13:54:45 +02:00
Przemek Stekiel
c1e41bb2b5 rsa.c: remove redundant include of md.h 
rsa.c includes rsa.h that includes md.h

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 11:42:18 +02:00
Przemek Stekiel
ef1fb4a3d3 Deprecate mbedtls_cipher_setup_psa() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 10:55:10 +02:00
Jerry Yu
ef2b98a246 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 16:40:05 +08:00
Jerry Yu
f86eb75c58 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 11:16:55 +08:00
Neil Armstrong
8ecd66884f Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-05 14:01:49 +02:00
Jerry Yu
e110d258d9 Add set outbound transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-05 19:59:59 +08:00
Werner Lewis
e59a531455 Fix memcpy() UB in mbedtls_asn1_named_data() 
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-05-04 11:45:06 +01:00
Neil Armstrong
80f6f32495 Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
044a32c4c6 Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
61f237afb7 Remove PSA-only code dealing with non-opaque PSA key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
501c93220d Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
b743d95051 Do not erase input key in psa_tls12_prf_psk_to_ms_set_key() 
When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct
but the following derivations output data is incorrect.

This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key()
since commit 03faf5d2c1.

Fixes: 03faf5d2c1 ("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:06:22 +02:00
Neil Armstrong
30beca35f1 Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
Then mbedtls_pk_error_from_psa_rsa() also needs to be guarded with
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR to be used by pk_opaque_rsa_decrypt()

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:02:37 +02:00
Jerry Yu
9da5e5a2f2 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 15:46:09 +08:00
Jerry Yu
de66d12afc remove out couter reset 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 12:15:19 +08:00
Jerry Yu
39730a70cd remove variable initial 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 12:14:04 +08:00
Jerry Yu
8937eb491a fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 12:12:14 +08:00
Neil Armstrong
6c26adc900 Do not make pk_opaque_rsa_decrypt() depend on MBEDTLS_RSA_C 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-02 14:43:04 +02:00
Neil Armstrong
1082818003 Implement PK Opaque RSA decrypt 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque 
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
 2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx 
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
 2022-04-29 10:47:16 +02:00
Przemek Stekiel
169bf0b8b0 Fix comments (#endif flags) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-29 07:53:29 +02:00
Neil Armstrong
a1fc18fa55 Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-28 13:27:59 +02:00
Gilles Peskine
8855e36030
Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup 
Cipher cleanup: abstract TLS mode
 2022-04-28 12:33:38 +02:00
Przemek Stekiel
8a4b7fd7c3 Optimize code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-28 10:21:03 +02:00
Jerry Yu
ab452cc257 fix name issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-28 15:27:08 +08:00
Przemek Stekiel
8abcee9290 Fix typos 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-28 09:16:28 +02:00
Neil Armstrong
2230e6c06d Simplify PSA transform->ivlen set in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-27 10:36:14 +02:00
Neil Armstrong
3bf040ed70 Reorganize PSA/!PSA code in mbedtls_ssl_ticket_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-27 10:35:28 +02:00
Gilles Peskine
301711e96e Simplify mbedtls_ssl_get_base_mode 
Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and
non-USE_PSA_CRYPTO definitions independent.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-27 10:28:55 +02:00
Gilles Peskine
e108d987ea Simplify mbedtls_ssl_get_mode 
Reduce the imbrications between preprocessor directives and C instructions.
Handle encrypt-then-mac separately.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-27 10:28:55 +02:00
Jerry Yu
4d3841a4d1 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-25 19:41:47 +08:00
Xiaofei Bai
cba64af50d TLS1.3: add writing encrypted extensions 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-04-25 19:41:47 +08:00
Ronald Cron
eecd0d2fc3
Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello 2022-04-25 09:28:40 +02:00
Jerry Yu
e65d801580 fix undeclare error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-23 10:34:35 +08:00
Biswapriyo Nath
d7e0ee42b8 cmake: Fix runtime library install location in mingw 
This install DLLs in bin directory instead of lib.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:50 +05:30
Biswapriyo Nath
0f2e87bdf5 cmake: Use GnuInstallDirs to customize install directories 
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:28 +05:30
Gilles Peskine
2f8c2a5fc5
Merge pull request #5753 from tom-cosgrove-arm/fix-missing-prototypes-warnings-a64-sha256-sha512 
Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration
 2022-04-22 16:45:23 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap 
Improve benchmarking of ECC heap usage
 2022-04-22 16:43:11 +02:00
Jerry Yu
955ddd75a3 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 22:27:33 +08:00
Przemek Stekiel
99114f3084 Fix build flags for opaque/raw psk checks 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:34 +02:00
Przemek Stekiel
cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877 Enable support for psa opaque ECDHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:53:55 +02:00
Przemek Stekiel
19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
51a1f36be0 setup_psa_key_derivation(): change salt parameter to other_secret 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
f2534ba69b tls12_client: skip PMS generation for opaque RSA-PSK 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
c2033409e3 Add support for psa rsa-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
ae4ed30435 Fix naming: random bytes are the seed (not salt) in derivation process 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
1f02703e53 setup_psa_key_derivation(): add optional salt parameter 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard
55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context 
TLS ECDH 4: remove legacy context
 2022-04-22 14:27:06 +02:00
Neil Armstrong
76b7407bd7 Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
f2c82f0a3b Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
ccc074e44d Use correct condition to use encrypt_then_mac in ssl_tls.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
d1be7674a4 Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
6b27c97a91 Rename mbedtls_get_mode() to mbedtls_ssl_get_mode() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
ab555e0a6c Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
858581e81a Remove cipher_info in mbedtls_ssl_ticket_setup() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
a0eeb7f470 Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
7fea33ea4d Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
fe635e42c9 Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
4bf4c8675f Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
136f8409df Replace PSA/Cipher logic with mbedtls_get_mode_from_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:26 +02:00
Neil Armstrong
8a0f3e8cf0 Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:26 +02:00
Jerry Yu
a09f5e98ef fix build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:46:03 +08:00
Jerry Yu
cfc04b3541 Update comments in write server hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
e74e04af1a Rename write supported_versions ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
d9436a1baa remove guards for write_key_share 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
57d4841eda fix write key_share issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:02 +08:00
Jerry Yu
637a3f1090 fix various issues 
typo issue, variable `ret` init value
and remove finalize_server_hello

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
1c3e688df1 fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
349a61388b fix write selected_version fail 
And rename write_supported_versions to
write selected_version

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
fb9f54db8c fix comments issue 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
89e103c54c tls13: Share write ecdh_key_exchange function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
3bf2c6449d tls13: write server hello compile pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
56404d70c4 tls13:server:Add finalize write_server_hello and dummy body 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
f4b27e4351 tls13:server:Add prepare write_server_hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu
5b64ae9bad tls13:server:Add base framework for serverhello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
XiaokangQian
e8ff350698 Update code to align with tls13 coding standard 
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-22 02:34:40 +00:00
Leonid Rozenboim
287527042b Avoid potentially passing NULL arguments 
Several call sites flagged by Coverity that may potentially cause
a pointer argument to be NULL.

In two cases the issue is using a function call as a parameter to
a second function, where the first function may return NULL, while
the second function does not check for the NULL argument value.

Remaining case is when static configuration is mixed with run-time
decision, that could result in a data buffer argument being NULL.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-04-21 18:00:52 -07:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2 
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
 2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign 
RSA-PSS sign 1: PK
 2022-04-21 17:11:18 +02:00
XiaokangQian
4d3a60475c Change default config version to development style 
Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 13:46:17 +00:00
XiaokangQian
4e8cd7b903 Remove useless selected_group 
Change-Id: I5fb76b5bf4b22d0231c17314783781f9e7c309a3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 13:30:18 +00:00
Neil Armstrong
13e76be02b Reorganize & simplify mbedtls_pk_sign_ext() handling of wrapped RSA-PSS 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-21 12:08:52 +02:00
Przemek Stekiel
4e47a91d2e Fix indentation issues 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
03faf5d2c1 psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
937b90febf Add null check for pms allocation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
e47201b34a rename: psa_tls12_prf_set_other_key->psa_tls12_prf_psk_to_ms_set_other_key and adapt code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel
2503f7e4cb Handle empty other secret when passed with input bytes 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
XiaokangQian
060d867598 Update parse_key_share in server side and version config 
Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 09:24:56 +00:00
XiaokangQian
0a1b54ed73 Minor change the place of some functions 
Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 03:01:38 +00:00
XiaokangQian
75d40ef8cb Refine code base on review 
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side

Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 11:05:24 +00:00
XiaokangQian
318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
XiaokangQian
de33391fa0 Rebase and solve conflicts 
Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 08:49:42 +00:00
XiaokangQian
0803755347 Update code base on review comments 
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes

Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:50:14 +00:00
XiaokangQian
17f974c63e Re-order the ciphersuite matching code in parse_client_hello 
Change-Id: I16d11bca42993d4abc2a1b19fa087366c591927c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
84823779ce Only store the first group in ssl_tls13_parse_supported_groups_ext() 
Change-Id: I4427149aeb6eb453150e522e4c7b11187e2e3825
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
3f84d5d0cd Update test cases and fix the test failure 
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
b67384d05c Fix coding style and comments styles 
Change-Id: Ifa37a3288fbb6b5206fc0640fa11fa36cb3189ff
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
f8ceb94fe7 Fix the parse_sig_alg_ext fail issue 
Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
8f9dfe41c0 Fix comments about coding styles and test cases 
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8 Fix comments and remove hrr related code 
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023 Update based on comments 
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
4080a7f687 Change code style and some share functions 
Change variables and functions name style
Refine supported_version
Refine client hello parse

Change-Id: Iabc1db51e791588f999c60db464326e2bdf7b2c4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
9b5d04b078 Share parse_key_share() between client and server 
Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38 Rebase and solve conflicts and issues 
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
8840888fbc Fix some CI issues 
Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
c5763b5efd Change some code style 
Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
3207a32b1e Fix unused parameter issue and not defined cookie issue 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
7ac3ab3404 Add hello retry request count for server 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
a9c58419f2 Fix compile and test issues 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
7807f9f5c9 Add client hello into server side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
Ronald Cron
fd8cbda3ec Remove ECDH code specific to TLS 1.3 
ECDH operations in TLS 1.3 are now done through PSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:31:24 +02:00
Ronald Cron
fd6193c285 ssl_tls13_client: Add downgrade attack protection 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:31:24 +02:00
Ronald Cron
217d699d85 Fix Doxygen marks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:28:51 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers 
Unify internal/external TLS protocol version enums
 2022-04-19 17:05:26 +01:00
Tom Cosgrove
c144ca6473 Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration 
Fixes #5752

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-04-19 13:52:24 +01:00
Hanno Becker
606cb1626f Add comment explaining structure of UMAAL assembly 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:59:33 +01:00
Hanno Becker
d46d96cc3f Add 2-fold unrolled assembly for umaal based multiplication 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:19:55 +01:00
Hanno Becker
63eb28c728 Use separate counters for 8-fold and single multiplication steps 
Compilers are likely to generate shorter assembly for loops of the
form `while( cnt-- ) { ... }` rather than
`for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs
a subtract+compare+branch after each loop, while the former only
needs decrement+branch).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:16:03 +01:00
Hanno Becker
eacf3b9eb4 Simplify organization of inline assembly for bignum 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-17 06:16:03 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail 
PSA: systematically test operation failure
 2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard
63ed7cbf36
Merge pull request #5701 from hanno-arm/mpi_mul_hlp 
Make size of output in mpi_mul_hlp() explicit
 2022-04-15 10:09:06 +02:00
Glenn Strauss
8315811ea7 Remove restrictive proto ver negotiation checks 
Overly restrictive protocol version negotiation checks might be
"version intolerant".  TLS 1.3 and DTLS 1.3 move the version to
the "supported_versions" ClientHello extension.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
bbdc83b55b Use mbedtls_ssl_protocol_version in public structs 
Use mbedtls_ssl_protocol_version in public structs, even when doing
so results in a binary-incompatible change to the public structure

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
cd78df6aa4 handshake->min_minor_ver to ->min_tls_version 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
041a37635b Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks 
mbedtls no longer supports earlier TLS protocol versions

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version 
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:39:43 -04:00