Commit graph

1883 commits

Author SHA1 Message Date
Valerio Setti
7aeec54094 tls: replace ECDH_C guards with new helpers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:23:53 +02:00
Manuel Pégourié-Gonnard
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
Dave Rodgman
3d0c8255aa
Merge pull request #7825 from daverodgman/cipher_wrap_size
Cipher wrap size improvement
2023-07-05 15:45:48 +01:00
Przemek Stekiel
7ac93bea8c Adapt names: dh -> xxdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
6f199859b6 Adapt handshake fields to ffdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00
Tom Cosgrove
e939464eb7
Merge pull request #7829 from mpg/deduplicate-tls-hashing
De-duplicate TLS hashing functions
2023-07-04 16:06:00 +01:00
Manuel Pégourié-Gonnard
aaad2b6bfc Rename some local variables
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-04 11:35:16 +02:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
Dave Rodgman
85a88133aa Use fewer bits for block_size
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 13:37:28 +01:00
Dave Rodgman
bb521fdbc9 Don't directly access iv_size
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 12:59:31 +01:00
Manuel Pégourié-Gonnard
de33278e43 Unify ssl_calc_finished_tls_sha{256,384}
Saves about 50-60 bytes on m0+ depending on whether USE_PSA is set.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-24 10:13:41 +02:00
Manuel Pégourié-Gonnard
74970664a9 Unify ssl_calc_verify_sha{256,384}
Saves about 40 bytes of code size on m0plus with baremetal_size.

Note: the debug messages are change to no longer include the hash name.
That's not a problem as we already know which alg is used from previous
output, and we can also know it form the size of the printed buffer.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-24 09:43:26 +02:00
Przemek Stekiel
8c0a95374f Adapt remaining guards to FFDH
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 17:07:10 +02:00
Andrzej Kurek
15ddda9ff8 Remove PSA_TO_MD_ERR from ssl_tls.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-14 07:37:46 -04:00
Andrzej Kurek
1e4a030b00 Fix wrong array size calculation in error translation code
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:47 -04:00
Andrzej Kurek
b22b9778c7 Move the ARRAY_LENGTH definition to common.h
Reuse it in the library and tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:47 -04:00
Andrzej Kurek
0064484a70 Optimize error translation code size
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:46 -04:00
Przemek Stekiel
da4fba64b8 Further code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
316c19ef93 Adapt guards, dependencies + optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
383f471bf4 Add the DHE groups to the default list of supported groups
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:07 +02:00
Manuel Pégourié-Gonnard
3761e9e8fd Use function instead of macro for error conversion
tests/scripts/all.sh build_arm_none_eabi_gcc_m0plus | grep TOTALS

Before: 323003
After:  322883
Saved:     120 bytes

Not huge, but still nice to have.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
02b10d8266 Add missing include
Fix build failures with config full

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
2d6d993662 Use MD<->PSA functions from MD light
As usual, just a search-and-replace plus:

1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
7b1136836c
Merge pull request #7438 from valeriosetti/issue7074
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
2023-06-01 10:06:45 +02:00
Gilles Peskine
835be986e0
Merge pull request #7631 from tom-daubney-arm/remove_surplus_loop_condition_issue_7529
Remove extraneous check in for loop condition
2023-05-24 20:24:28 +02:00
Valerio Setti
d0405093d9 tls: use pk_get_group_id() instead of directly accessing PK's structure
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-24 16:02:32 +02:00
Thomas Daubney
f9f0ba8211 Use functions in alignment.h to get value
Refactor code using get functions from alignment.h to
read values.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-05-24 06:24:16 +01:00
Valerio Setti
972077820b tls/x509: minor enhancement for using the new private key format
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-23 15:12:07 +02:00
Thomas Daubney
850a0797ca Remove extraneous check in for loop condition
Issue 7529 uncovered an unrequired check in a for loop
condition in ssl_tls.c. This commit removes said check.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-05-22 12:05:03 +01:00
Valerio Setti
77a75685ed pk: align library and tests code to the new internal functions
Note = programs are not aligned to this change because:
- the original mbedtls_pk_ec is not ufficially deprecated
- that function is used in tests when ECP_C is defined, so
  the legacy version of that function is available in that
  case

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 11:18:46 +02:00
Tom Cosgrove
501fb3abf3
Merge pull request #5894 from Xeenych/patch-1
Reduce RAM - move some variables to .rodata
2023-05-05 14:54:32 +01:00
Valerio Setti
6c496a1553 solve disparities for ECP_LIGHT between ref/accel
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
d4a5d461de library: add remaining changes for the new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Ronald Cron
097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
6291b23080 tls: Add logic in handshake step to enable server version negotiation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
8a12aeec93 tls: Initialize SSL context tls_version in mbedtls_ssl_setup()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Valerio Setti
080a22ba75 ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
0c8ec3983e ssl_tls: fix proper guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
bef824d394 SSL: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Valerio Setti
5d1f29e700 ssl_tls: fix guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Manuel Pégourié-Gonnard
18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user
EC J-PAKE: partial fix for role vs user+peer
2023-03-15 09:37:30 +01:00
Dave Rodgman
4a1d3beaee
Merge pull request #7229 from tom-cosgrove-arm/static-assert 2023-03-14 16:57:38 +00:00
Przemek Stekiel
c0e6250ff9 Fix documentation and tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-14 11:49:36 +01:00
Jan Bruckner
151f64283f Add parsing for Record Size Limit extension in TLS 1.3
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Przemek Stekiel
fde112830f Code optimizations and documentation fixes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-13 16:28:27 +01:00
Przemek Stekiel
18cd6c908c Use local macros for j-pake slient/server strings
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
4cd20313fe Use user/peer instead role in jpake TLS code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00