Ronald Cron
7a94aca81a
Move state change from CLIENT_CERTIFICATE to its main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-10 13:58:04 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
Przemek Stekiel
fd32e9609b
ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-09 16:01:59 +01:00
Przemek Stekiel
b6ce0b6cd8
ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-09 16:01:50 +01:00
Ronald Cron
5bb8fc830a
Call Certificate writing generic handler only if necessary
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
Ronald Cron
3f20b77517
Improve comment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
Ronald Cron
00d012f2be
Fix type of force_flush parameter
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
Ronald Cron
9f55f6316e
Move state change from CSS states to their main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
Ronald Cron
3addfa4964
Move state change from WRITE_CLIENT_HELLO to its main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
Ronald Cron
66dbf9118e
TLS 1.3: Do not send handshake data in handshake step handlers
...
Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
Ronald Cron
9df7c80c78
TLS 1.3: Always go through the CLIENT_CERTIFICATE state
...
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:50:08 +01:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn
...
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
Przemek Stekiel
c85f0912c4
psa_crypto.c, test_suite_psa_crypto.function: fix style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-08 11:37:54 +01:00
Gilles Peskine
44311f5c98
Merge pull request #5571 from superna9999/5162-pk-rsa-signing
...
PK: RSA signing
2022-03-07 17:09:14 +01:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free
...
Erase secrets in allocated memory before freeing said memory
2022-03-07 17:04:04 +01:00
Neil Armstrong
6d5baf5f1e
Use PSA MAC verify API in mbedtls_ssl_cookie_check()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
Neil Armstrong
be52f500c8
Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
Neil Armstrong
7cd0270d6c
Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
Neil Armstrong
2217d6f825
Generate cookie MAC key with psa_generate_key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
pespacek
b9ca22dead
Improving readability of x509_crt and x509write_crt for PR
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-03-07 13:59:44 +01:00
pespacek
d924e55944
Improving readability of x509_crt and x509write_crt
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-03-07 13:31:54 +01:00
Przemek Stekiel
7fc0751f78
Restore build options for mbedtls_ecc_group_of_psa() and related functions
...
Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-06 20:43:46 +01:00
Neil Armstrong
77b69ab971
Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 14:45:45 +01:00
Neil Armstrong
23d34ce372
Use PSA HMAC API in ssl_cookie_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 14:45:45 +01:00
Neil Armstrong
d633201279
Import PSA HMAC key in mbedtls_ssl_cookie_setup()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 14:45:18 +01:00
Andrzej Kurek
09e803ce0d
Provide a dummy implementation of timing.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
108bf520e0
Add a missing guard for time.h in net_sockets.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8
Do not include time.h without MBEDTLS_HAVE_TIME
...
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."
If that is not defined, do not attempt to include time.h.
A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Neil Armstrong
bca99ee0ac
Add PSA key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 10:20:20 +01:00
Neil Armstrong
e87804920a
Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:54:16 +01:00
Neil Armstrong
b556a42656
Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
f47135756c
Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
0d46786034
Fix style issue in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
f1b564bb8d
Check psa_destroy_key() return in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
18f43c7304
PK: RSA decrypt PSA wrap implementation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
e4edcf761d
Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:46:41 +01:00
Neil Armstrong
ff70f0bf77
Check psa_destroy_key() return in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
edcc73c992
Fix 80 characters indentation in ecdsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
dab14de96a
Use now shared ECP_PRV_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
15021659d1
Move pk_ecdsa_sig_asn1_from_psa() before ecdsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
5874aa38f7
Fix style issue in find_ecdsa_private_key()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
cf5a215a43
Check psa_destroy_key() return in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
e960690b89
PK: ECDSA signing PSA wrap implementation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
db69c5213f
Use new PSA to mbedtls PK error mapping functions in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:41:23 +01:00
Neil Armstrong
66fa769ae8
Fix 80 characters indentation in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
4b1a059f7d
Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
48a9833cdf
Check psa_destroy_key() return in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
e4f28688fd
Fix comment typo in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
9854568204
PK: RSA signing PSA wrap implementation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
3770e2483f
Use new PSA to mbedtls PK error mapping functions in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:37:33 +01:00
Neil Armstrong
deb4bfb2b9
Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
9dccd866c3
Check psa_destroy_key() return in ecdsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
7dd3b20d36
Check psa_destroy_key() return in rsa_encrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
ac014ca5d9
Fix comment typos in rsa_encrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
96a16a429b
PK: RSA encrypt PSA wrap implementation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Gilles Peskine
1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls
...
Rename, move and refine PSA to mbedtls PK errors mappings
2022-03-03 13:30:29 +01:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
...
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
Gilles Peskine
e8c8300190
Merge pull request #5581 from superna9999/pk-move-rename-rsa-ec-key-sizes
...
Move max sizes of RSA & EC DER keys into public header
2022-03-02 16:41:53 +01:00
Neil Armstrong
6828d8fdc4
Return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if MAC algorithm isn't supported in ssl_tls.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-02 15:37:11 +01:00
Neil Armstrong
6958bd0206
Clean aux_out in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-02 15:37:11 +01:00
Neil Armstrong
4313f55a13
Simplify error handling of PSA mac operationsg in ssl_msg.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-02 15:37:04 +01:00
Neil Armstrong
321116c755
Remove spurious debug in ssl_tls12_populate_transform()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-02 15:06:15 +01:00
Przemek Stekiel
e894c5c4a5
Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-02 08:45:56 +01:00
Paul Elliott
06898650f9
Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify
...
TLS1.3: Add write client Certificate and CertificateVerify
2022-03-01 18:42:00 +00:00
Przemek Stekiel
15565eeb59
Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 17:01:39 +01:00
Neil Armstrong
19915c2c00
Rename error translation functions and move them to library/pk_wrap.*
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 15:21:02 +01:00
Przemek Stekiel
a81aed2dae
Clean up init values of psa crypto status and fix switch default case
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 15:13:30 +01:00
Przemek Stekiel
f110dc05be
Clenup conditional compilation flags.
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 14:48:05 +01:00
Przemek Stekiel
dcab6ccb3b
Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled.
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 14:29:49 +01:00
Neil Armstrong
0f49f83625
Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 10:05:33 +01:00
Neil Armstrong
e9ecd27890
Rename max sizes of RSA & EC DER keys defines
...
Rename to match the required pattern of defines:
'^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 10:03:21 +01:00
Neil Armstrong
e0326a6acc
Move max sizes of RSA & EC DER keys into private pkwrite.h
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 09:58:58 +01:00
Glenn Strauss
6989407261
Add accessor to retrieve SNI during handshake
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b
Provide means to reset handshake cert list
...
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0
Add server certificate selection callback
...
https://github.com/ARMmbed/mbedtls/issues/5430
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 17:31:49 -05:00
Neil Armstrong
e858996413
Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()
...
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4
Implement mbedtls_ct_hmac() using PSA hash API
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076
Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined
...
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
26e6d6764e
Use PSA MAC API in mbedtls_ssl_encrypt/decrypt_buf()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
0760ade761
Setup & Import HMAC keys in ssl_tls12_populate_transform()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Steven Cooreman
cd5be32191
Erase secrets in allocated memory before freeing said memory
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2022-02-25 11:14:59 +01:00
Andrzej Kurek
a0237f86d3
Add missing key destruction calls in ssl_write_client_key_exchange
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-25 04:36:40 -05:00
Tom Cosgrove
7e7aba8c9d
Rename mbedtls_a64_crypto_sha256_check_support() to mbedtls_a64_crypto_sha256_determine_support()
...
The Mbed TLS coding standard specifies that "check" functions must return 0
for success (i.e. feature present), while "has" functions should return 1 for
true. Since we were using "check" to do the actual check, and "has" to get the
cached value, having inverted values here would be confusing. Therefore,
rename "check" to "determine", as that's what those functions are doing.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-24 08:33:11 +00:00
Jerry Yu
71f36f1d2e
change alert message type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 17:34:29 +08:00
Neil Armstrong
39b8e7dde4
Add, Initialize & Free HMAC keys in mbedtls_ssl_transform
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-23 09:24:57 +01:00
Jerry Yu
0b7b101b3b
fix warnings
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 12:26:48 +08:00
Jerry Yu
2ff6ba1df0
Remove rsa_pss_rsae_sha256 support.
...
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 10:38:25 +08:00
Przemyslaw Stekiel
91ebfc0402
Adapt compilation flags for ECC key derivation
...
Use conditional compilation flags for building ECC key derivation code consistent with flags used for mbedtls_ecc_group_of_psa().
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 15:50:30 +01:00
Neil Armstrong
3f9cef4547
Remove actual and use new PSA to mbedtls PK errors mapping functions
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 15:44:39 +01:00
Neil Armstrong
ea761963c5
Add specialized PSA to mbedtls PK/RSA error mapping function
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 14:37:00 +01:00
Neil Armstrong
cd501f406e
Add specialized PSA to mbedtls PK/ECDSA error mapping function
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 14:37:00 +01:00
Neil Armstrong
a3fdfb4925
Introduce new PSA to mbedtls PK error mapping function
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 14:37:00 +01:00
Przemyslaw Stekiel
76960a7217
mbedtls_mpi_read_binary() document that function guarantees to return an MPI with exactly the necessary number of limbs and remove redundant call to mbedtls_mpi_grow()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
aeaa4f0651
Code optimization
...
- fix codding style
- fix comments and descriptions
- add helper function for montgomery curve
- move N-2 calculation outside the loop
- fix access to <data> bytes: *data[x] -> (*data)[x]
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
6d3d18b2dc
psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code
...
Perform the following optimizations:
- fix used flags for conditional compilation
- remove redundant N variable
- move loop used to generate valid k value to helper function
- fix initial value of status
- fix comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
924815982a
Workaround for VS compiler build error
...
The following error was reported by CI for win32/release builds:
37>Done Building Project "C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\gen_entropy.vcxproj.metaproj" (Rebuild target(s)).
67>c:\builds\workspace\mbed-tls-pr-head_pr-5139-head\worktrees\tmp_nn5muy8\library\psa_crypto.c(4840): fatal error C1001: An internal error has occurred in the compiler. [C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\key_ladder_demo.vcxproj]
(compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 228)
To work around this problem, try simplifying or changing the program near the locations listed above.
Please choose the Technical Support command on the Visual C++
Help menu, or open the Technical Support help file for more information
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
e33ae7186e
psa_crypto.c: adapt macros
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
dc215f4b97
Simplify calculations for clear mask
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
d80b6ed46d
Use loop instead goto and fix misleading variable name
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
dc8d7d9211
fix mbedtls/psa status code mismatch
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
871a336028
Remove redundant psa_generate_derived_ecc_key_weierstrass_check_config()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
aaa1ada086
psa_generate_derived_ecc_key_weierstrass_check_config: Build only when ECC enabled
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
50fcc535e5
Add Weierstrass curve/bits consistancy check + negative test vectors
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
58ce8d8fb6
Add support for Montgomery curves
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
705fb0f918
Only Weierstrass curves supported
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
c6e4c512af
psa_crypto.c: fix warning on windows compiler
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
1dfd1224dc
psa_generate_derived_ecc_key_helper: compile only when ECC is supported
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
653481632e
psa_generate_derived_ecc_key_helper: fix bugs found during testing
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
d8cdcba970
Move derivation of ECC private key to helper function and refactor code
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
1608e33606
PSA: implement key derivation for ECC keys
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:26:46 +01:00
Jerry Yu
782720787f
Refactor write_certificate_verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:28:13 +08:00
Jerry Yu
2124d05e06
Add sha384 and sha512 case
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92
Add non support sig alg check and test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
c8d8d4e01a
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c
add rsa_pss_rsae_sha256 write support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
3391ac00d3
fix various issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5
Change state machine
...
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
537530d57a
Add certificate request echo
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
3e536442f5
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
a23b9d954c
fix undefine error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
7399d0d806
refactor write certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
1bb5a1ffe3
Implement received sig_algs check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
32e0c2d526
fix server only build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
90f152dfac
fix psk only build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
72637c734b
fix write certificate fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
8511f125af
Add certificteVerify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
5cc3506c9f
Add write certificate and client handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
566c781290
Add dummy state for client_certifiate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1
...
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa
...
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
2022-02-21 16:58:57 +01:00
Gabor Mezei
d860e0f18b
Add comment
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
Gabor Mezei
0e7c6f4961
Check return value of psa_destroy_key
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
Gabor Mezei
26c6741c58
Add better name for variable.
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
Gabor Mezei
320d21cecf
Update documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
Gabor Mezei
c5efb8e58b
Use PSA error code
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:38 +01:00
Gabor Mezei
89c1a95f8f
Delete leftover code
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:59 +01:00
Gabor Mezei
b1f53976ee
Add documentation for mbedtls_psa_hkdf_extract
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:59 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible
...
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:57 +01:00
Gabor Mezei
9f4bb319c9
Implement HKDF extract in TLS 1.3 based on PSA HMAC
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:23:29 +01:00
Gilles Peskine
66971f8ab1
Add prototype for automatically generated debug helper
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15
Fix mbedtls_ssl_get_version() for TLSv1.3
...
Test it in ssl-opt.sh.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
e1a0c25f71
New function to access the TLS version from a context as an enum
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Tom Cosgrove
b9987fc344
Handle MBEDTLS_SHA256_USE_A64_* on Windows on ARM64 too
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 12:26:11 +00:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build
...
TLS1.3:Enable tls13 only build
2022-02-21 11:22:37 +00:00
Tom Cosgrove
f3ebd90a1c
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
...
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.
The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard
9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac
...
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
2022-02-21 09:30:31 +01:00
Jerry Yu
f1b23caa4e
move wrong comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
18621dfd23
remove extra empty line
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
50f2f703a7
remove extra guards
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
840fbb2817
guards populate_transform reference
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
4f9e3efbeb
move session_save/load_tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
d9d91da7c7
move sig_hash_*
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
ee40f9d4b3
move get_key_exchange_md_tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
9bccc4c63f
move populate_transform
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
e93ffcd2c7
move tls_prf_get_type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
392112c058
move tls12prf_from_cs
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
0b3d7c1ea1
move parse_finished
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
3c8e47bbbf
move write_finished
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
2a9fff571d
move wrapup
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
aef0015ba0
move wrapup_free_hs_transform
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
b7ba49ef74
move calc_finished_tls_sha384
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
615bd6f5b9
move calc_finished_tls_sha256
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
d952669ad8
move write_certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
c2c673da59
move resend_hello_request
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
ce3dca4175
move psk_derive_premaster
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
c1cb384708
move calc_verify_tls_sha384
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
8392e0dae4
move calc_verify_tls_sha256
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
d62f87e151
move derive_keys
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
2a7b5ac791
move compute_master
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
d6ab235972
move use_opaque_psk
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
f009d86186
move set_handshake_prfs
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
dc7bd17d11
move tls_prf_sha256/384
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
ed14c93008
add static prototypes
...
prepare for moving functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
Jerry Yu
53d23e2c95
Guards tls_prf functions with TLS1_2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c73c618094
Wrap function not used by test_tls13_only
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
# Conflicts:
# library/ssl_tls13_generic.c
2022-02-21 09:06:00 +08:00
Jerry Yu
bef175db96
Wrap derive_keys with TLS1_2 option
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
cc43c6bee5
fix coding style issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
e754193e87
Remove guard inside ssl_srv.c
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
fb4b6478ee
tls13_only: improve guards of files.
...
To improve readability of the preprocess guards.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
db8c48aaff
tls13_only:Remove unnecessary functions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
7d2396332d
fix wrong setting of max_minor version
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c5aef88be6
tls13_only: guard ssl_{cli,srv}.c with TLS1_2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c10f6b4735
tls13_only: simple test pass
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c3091b1c8c
tls13_only: compile pass
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Andrzej Kurek
d70fa0e327
Restructure error handling in mbedtls_pk_verify_ext
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-17 10:51:15 -05:00
pespacek
3015148ae6
Improving readability
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-17 16:08:23 +01:00
Gabor Mezei
8e3602569b
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
...
feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:33 +01:00
Gilles Peskine
57b1ff39c2
Merge pull request #5377 from hanno-arm/ecp_add_mixed_fewer_mpis
...
Minor improvements to ECC arithmetic subroutines
2022-02-17 10:27:18 +01:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto
...
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
2022-02-16 17:33:47 +01:00
Andrzej Kurek
59550537f0
Change signature_length type to size_t
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-16 07:46:42 -05:00
Andrzej Kurek
4a953cdd9f
pk: properly handle signatures in larger buffers when using PSA
...
As stated in function documentation.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-16 06:13:35 -05:00
Gabor Mezei
8d5a4cbfdb
Check return value of psa_destroy_key
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:23:17 +01:00
Gabor Mezei
833713c35c
Add better name for variable
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:16:08 +01:00
Andrzej Kurek
8666df6f18
Add signature length mismatch handling when using PSA in pk_verify_ext
...
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:23:02 -05:00
Andrzej Kurek
90ba2cbd0a
Cosmetic changes to return placement and variable naming
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:18:44 -05:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref
...
Ensure ctr_drbg is initialised every time in fuzz_server
2022-02-15 10:31:03 +01:00
Ronald Cron
b788c044b7
Use PSA status to Mbed TLS error code conversion function
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-15 09:14:15 +01:00
Manuel Pégourié-Gonnard
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa
...
Cleanup PSA-based ECDHE in TLS 1.2
2022-02-15 09:09:07 +01:00
Przemyslaw Stekiel
0f5ecefbe9
Clean up the code
...
- remove redundant local buffer
- fix code style
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-15 08:53:36 +01:00
Przemyslaw Stekiel
4b3fff43a8
Destroy ecdh_psa_privkey on HRR
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-15 08:53:26 +01:00
Przemyslaw Stekiel
169f115bf0
ssl_client2: init psa crypto for TLS 1.3 build
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 17:15:04 +01:00
lhuang04
86cacac91a
Port ALPN support for tls13 client from tls13-prototype
...
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124 ).
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-02-14 08:03:32 -08:00
pespacek
a6e955e729
X.509: x509write_crt_set_key_identifier created
...
Function mbedtls_x509write_crt_set_key_identifier
was implemented to provide functionality of both
mbedtls_x509write_crt_set_authority_key_identifier
and
mbedtls_x509write_crt_set_subject_key_identifier.
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-14 15:20:57 +01:00
pespacek
a7a646986f
Improving readability
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-14 15:18:43 +01:00
pespacek
b9f07a79a7
Changing buffer size checks.
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-14 15:13:26 +01:00
pespacek
3110c7b340
Changing error codes.
...
Change from MBEDTLS_ERR_ERROR_GENERIC_ERROR
to MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
where PSA crypto is used.
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-14 15:07:41 +01:00
PeterSpace
c2774a3ad4
Update library/psa_its_file.c
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
2022-02-14 12:24:56 +01:00
Przemyslaw Stekiel
4f419e55a1
ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:19:53 +01:00
Przemyslaw Stekiel
c0824bfb11
Change mbedtls_ssl_tls13_key_schedule_stage_handshake() to use psa_raw_key_agreement()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:19:45 +01:00
Przemyslaw Stekiel
6d6aabdb0d
Remove unused function: ssl_tls13_check_ecdh_params()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:13:10 +01:00
Przemyslaw Stekiel
9e23ddb09d
Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code.
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:13:00 +01:00
Ronald Cron
f6893e11c7
Finalize PSA hash operations in TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:34 +01:00
Przemyslaw Stekiel
ea859c24b7
Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA
...
Generate ECDH private key using psa_generate_key()
Export the public part of the ECDH private key using psa_export_public_key()
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-11 15:17:05 +01:00
Paul Elliott
00738bf65e
Ensure ctr_drbg is initialised every time
...
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.
Add extra validation to attempt to catch this issue in future.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-10 18:38:53 +00:00
Przemyslaw Stekiel
b15f33d496
Enable ecdh_psa_xxx fields in struct mbedtls_ssl_handshake_params for TLS 1.3
...
These fields need to be enabled for 1.3 even if MBEDTLS_USE_PSA_CRYPTO isn't (1.3 should always use PSA).
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-10 15:24:27 +01:00
Gabor Mezei
9607ab4dbd
Prevent function not used compilation error
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:24 +01:00
Gabor Mezei
a3eecd242c
Implement HKDF expand in TLS 1.3 based on PSA HMAC
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:23 +01:00
Glenn Strauss
a941b62985
Create public macros for ssl_ticket key,name sizes
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 15:28:28 -05:00
Glenn Strauss
a950938ff0
Add mbedtls_ssl_ticket_rotate for ticket rotation.
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:15 -05:00
Andrzej Kurek
7db1b78fff
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
...
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-09 14:13:44 -05:00
Jerry Yu
7840f81303
fix client_auth fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-09 19:43:22 +08:00
Manuel Pégourié-Gonnard
62b49cd06a
Merge pull request #5472 from yuhaoth/pr/move-client-auth
...
Move client_auth to handshake
2022-02-09 10:57:00 +01:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
...
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
Xiaofei Bai
7c8b6a97b9
Update CertificateRequest skip condition
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 15:21:13 +00:00
Jerry Yu
5c7d1cce97
fix typo error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-08 21:08:29 +08:00
Jerry Yu
2d9a694088
change type of client_auth
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-08 21:07:10 +08:00
pespacek
e990100ddb
BUGFIX: psa_its_set now rejects UID = 0
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 14:05:41 +01:00
pespacek
7599a7744e
X.509: use PSA for hashing under USE_PSA_CRYPTO
...
When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than
mbedtls_md_xxx.
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 11:27:42 +01:00
Xiaofei Bai
c234ecf695
Update mbedtls_ssl_handshake_free() and address review comments.
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 10:26:42 +00:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa
...
TLS Cipher: use PSA crypto
2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard
5d6053f548
Fix a typo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 10:26:19 +01:00
Xiaofei Bai
51f515a503
update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 07:28:04 +00:00
Jerry Yu
0ff8ac89f5
fix comments issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-08 10:10:48 +08:00
Przemyslaw Stekiel
c499e33ed0
ssl_msg.c: Change message in MBEDTLS_SSL_DEBUG_RET() to be the failed function name instead current function name
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-07 15:12:05 +01:00
Manuel Pégourié-Gonnard
ff229cf639
Add debug message for wrong curve
...
The non-PSA path has a debug message here, so let's have a similar one
in the PSA case - just add the curve ID to be a bit more informative.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-07 12:00:32 +01:00
Manuel Pégourié-Gonnard
422370d633
Improve a comment and fix some whitespace
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-07 11:55:21 +01:00
Przemyslaw Stekiel
c8a06feae6
ssl_msg.c: Optimize null/stream cipher decryption/encryption
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-07 10:52:47 +01:00
Przemyslaw Stekiel
98ef6dca68
Remove redundant new lines
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-07 08:04:39 +01:00
Przemyslaw Stekiel
6928a5164d
Compile mbedtls_ssl_cipher_to_psa() conditionally under MBEDTLS_USE_PSA_CRYPTO only
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467
Fix comments, code style, remove debug code
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
6b2eedd25f
ssl_msg.c: add debug code for psa failures
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:14 +01:00
Manuel Pégourié-Gonnard
141be6cc7f
Fix missing check on server-chosen curve
...
We had this check in the non-PSA case, but it was missing in the PSA
case.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
0d63b84fa4
Add mbedtls_ssl_check_curve_tls_id() (internal)
...
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).
Note that new function doesn't depend on ECP_C, as it only requires
mbedtls_ssl_get_groups(), which is always available. As a general rule,
functions for defining and enforcing policy in the TLS module should not
depend on low-level modules but work with TLS-level identifiers are much
as possible, and this new function follows that principle.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
3caa0edb9b
Remove dead preprocessor code
...
There's no way currently (see below regarding the future) that ECC-based
key exchanges are enabled without ECP_C being defined. So, the #if was
fully redundant with the checks surrounding the function, as it always
evaluated to true.
The situation arose as, in the old days (before Mbed TLS 2.0),
mbedtls_ssl_conf_curves() (or ssl_set_curves() as it was called back
then) was optional, controlled by its own compile-time option
POLARSSL_SSL_SET_CURVES. So, in turn mbedtls_ssl_check_curve() depended
on POLARSSL_SSL_SET_CURVES too, and all calls to it were guarded by
that.
When it was made non-optional, a blind
s/POLARSSL_SSL_SET_CURVES/MBEDTLS_ECP_C/ was done, which resulted in
stupid situations like this with redundant checks for ECP_C.
Note regarding the future: at some point it will be possible to compile
with ECC-based key exchanges but without ECP_C. This doesn't change
anything to the reasoning above: mbedtls_ssl_check_curve() will be
available in all builds where ECC is used; it will just need a new
definition (with new guards), but that doesn't change anything for its
callers.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
4a0ac1f160
Remove mbedtls_psa_tls_ecpoint_to_psa_ec()
...
Same reasons as for the previous commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
58d2383ef4
Remove mbedtls_psa_tls_psa_ec_to_ecpoint()
...
Initially this function was doing something because the output format of
psa_export_public() didn't match the ECPoint format that TLS wants.
Then it became a no-op then the output format of psa_export_public()
changed, but it made sense to still keep the function in case the format
changed again. Now that the PSA Crypto API has reached 1.0 status, this
is unlikely to happen, so the no-op function is no longer useful.
Removing it de-clutters the code a bit; while at it we can remove a
temporary stack buffer (that was up to 133 bytes).
It's OK to remove this function even if it was declared in a public
header, as there's a warning at the top of the file saying it's not part
of the public API.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:14 +01:00
Manuel Pégourié-Gonnard
e5119898e4
Improve a comment
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:13 +01:00
Przemyslaw Stekiel
d66387f8fa
Init psa status to PSA_ERROR_CORRUPTION_DETECTED
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00