Yanray Wang
03a00768c0
tls13: early_data: cli: improve comment
...
This commit improves comment of the check for handshake parameters
in Encrypted Extension.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:40:21 +08:00
Jerry Yu
0af63dc263
improve comments and output message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 17:18:04 +08:00
Jerry Yu
ee4d729555
print received early application data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
e96551276a
switch inbound transform to handshake
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
75c9ab76b5
implement parser of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
b4ed4602f2
implement coordinate of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:34:00 +08:00
Jerry Yu
d5c3496ce2
Add dummy framework of eoed state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:32:31 +08:00
Jerry Yu
59d420f17b
empty process_end_of_early_data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:30:34 +08:00
Ronald Cron
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size
...
TLS1.3 EarlyData: client: parse max_early_data_size
2023-12-01 08:27:26 +00:00
Jerry Yu
9b72e39701
re-introduce process_wait_flight2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:27:08 +08:00
Jerry Yu
e32fac3d23
remove wait_flight2 state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:25:16 +08:00
Yanray Wang
e72dfff1d6
tls13: early_data: cli: improve comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:05:16 +08:00
Yanray Wang
2bef7fbc8d
tls13: early_data: cli: remove guard to fix failure
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:02:56 +08:00
Dave Rodgman
059f66ce7c
Remove redundant check
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 11:02:03 +00:00
Dave Rodgman
6eee57bc07
Merge remote-tracking branch 'origin/development' into msft-aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 11:01:50 +00:00
Dave Rodgman
12d1c3ad4f
Use MBEDTLS_HAVE_NEON_INTRINSICS in aesce
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 09:38:38 +00:00
Dave Rodgman
d879b47b52
tidy up macros in mbedtls_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 09:35:14 +00:00
Dave Rodgman
59059ec503
Merge remote-tracking branch 'origin/development' into msft-aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 09:34:41 +00:00
Yanray Wang
b3e207d762
tls13: early_data: cli: rename early_data parser in nst
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:49:51 +08:00
Yanray Wang
0790041dc6
Revert "tls13: early_data: cli: remove nst_ prefix"
...
This reverts commit 3781ab40fb
.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:44:44 +08:00
Dave Rodgman
10dfe76425
Merge pull request #8573 from daverodgman/iar-aesce2
...
Disable hw AES on Arm for IAR
2023-11-30 08:22:09 +00:00
Yanray Wang
f4bad42670
itls13: early_data: cli: improve comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 15:58:07 +08:00
Valerio Setti
ad6d016b8f
pkwrite: fix return value in pk_get_type_ext()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-30 08:10:36 +01:00
Valerio Setti
3cc486aa11
pkparse: make pk_internal.h always available
...
This is needed because now "pk_internal.h" contains defines for
PEM strings
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-30 08:09:47 +01:00
Yanray Wang
a29db7da2e
tls13: early_data: cli: assign ciphersuite properly
...
When early_data extension is enabled and sent in ClientHello,
the client does not know if the server will accept early data
and select the first proposed pre-shared key with a ciphersuite
that is different from the ciphersuite associated to the selected
pre-shared key. To address aforementioned case, we do associated
verification when parsing early_data ext in EncryptedExtensions.
Therefore we have to assign the ciphersuite in current handshake
to session_negotiate later than the associated verification.
This won't impact decryption of EncryptedExtensions since we
compute handshake keys by the ciphersuite in handshake not via
the one in session_negotiate.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 14:27:38 +08:00
Valerio Setti
bcc004b549
pkwrite: some reshaping for Montgomery keys in mbedtls_pk_write_pubkey_der()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-29 17:16:55 +01:00
Valerio Setti
a4f70fe3fe
pkwrite: simplify management of opaque keys
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-29 15:05:47 +01:00
Janos Follath
c6f1637f8c
Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction
...
Make mutex abstraction and tests thread safe
2023-11-29 13:26:23 +00:00
Dave Rodgman
fb96d800ab
Merge pull request #8569 from yuhaoth/pr/fix-warning-on-arm64-gcc-5.4
...
fix build warning with arm64 gcc 5.4
2023-11-29 11:52:18 +00:00
Jerry Yu
92787e42c4
fix wrong gcc version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 16:30:38 +08:00
Jerry Yu
e743aa74b5
add non-gcc arm_neon support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 15:54:32 +08:00
Valerio Setti
f9362b7324
pk_internal: small renaming for mbedtls_pk_get_group_id()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-29 08:42:27 +01:00
Jerry Yu
d33f7a8c72
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 15:09:21 +08:00
Jerry Yu
71fada10e5
Guards neon path
...
Old GCC(<7.3) reports warning in NEON path
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 10:38:07 +08:00
Jerry Yu
5b96b81980
Revert "fix build warning with arm64 gcc 5.4"
...
This reverts commit da3c206ebd
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 10:25:00 +08:00
Valerio Setti
bcd305913f
pk: move functions to verify RFC8410 group ID to pk_internal
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 16:27:55 +01:00
Dave Rodgman
410ad44725
Disable hw AES on Arm for IAR
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 13:42:17 +00:00
Valerio Setti
d5604bacc4
pkwrite: add internal defines for proper key buffer sizes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 14:10:43 +01:00
Valerio Setti
605f03cb76
pkwrite: reorganize code
...
This commits just moves code around. The goal is to group together
functions by guards and functionality:
- RSA, EC, Opaque
- internal VS public
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 12:46:39 +01:00
Manuel Pégourié-Gonnard
294f5d7ea9
Merge pull request #8540 from valeriosetti/issue8060
...
[G2] Make CCM and GCM work with the new block_cipher module
2023-11-28 08:18:45 +00:00
Valerio Setti
854c737db1
pk: use common header/footer macros for pkwrite and pkparse
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 08:37:57 +01:00
Valerio Setti
180915018d
pem: auto add newlines to header/footer in mbedtls_pem_write_buffer()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 08:37:06 +01:00
Jerry Yu
da3c206ebd
fix build warning with arm64 gcc 5.4
...
GCC 5.4 reports below warning on Arm64
```
warning: 'vst1q_u8' is static but used in inline function 'mbedtls_xor' which is not static
```
This inline function miss `static`, others have the keyword
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-28 14:28:03 +08:00
Dave Rodgman
4e9d5aa2ba
Merge pull request #8515 from mschulz-at-hilscher/fixes/pragma-error-gcc452
...
Fix compiler error on gcc 4.5.2.
2023-11-27 11:28:30 +00:00
Dave Rodgman
9fbac381e6
Merge pull request #8326 from daverodgman/aesce-thumb2
...
Support hw-accelerated AES on Thumb and Arm
2023-11-27 09:58:58 +00:00
Dave Rodgman
c94f8f1163
Merge pull request #8551 from daverodgman/sign-conversion-part1
...
Sign conversion part 1
2023-11-24 15:12:00 +00:00
Dave Rodgman
a3b80386d9
Merge remote-tracking branch 'origin/development' into sign-conversion-part1
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-24 11:27:18 +00:00
Janos Follath
905409abe2
Merge pull request #8500 from Ryan-Everett-arm/8409-make-empty-key-slots-explicit
...
Make empty key slots explicit
2023-11-24 08:52:01 +00:00
Oldes Huhuman
1b58ecbfb0
Fixed compilation for Haiku OS
...
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562
Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com>
2023-11-23 22:46:20 +01:00
Paul Elliott
8c6d332c44
Fix comment typos
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-23 18:53:13 +00:00
Dave Rodgman
8cd4bc4ac2
Merge pull request #8124 from yanrayw/support_cipher_encrypt_only
...
Support the negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
2023-11-23 17:43:00 +00:00
Ryan Everett
2a0d4e2995
Revert "Refactor psa_load_persistent_key_into_slot
to remove bad goto
"
...
This reverts commit d69f4017fb
.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-23 16:34:35 +00:00
Dave Rodgman
c44042ddbc
Merge pull request #7905 from lpy4105/issue/misc-improvement
...
misc improvements
2023-11-23 16:20:58 +00:00
Ryan Everett
d69f4017fb
Refactor psa_load_persistent_key_into_slot
to remove bad goto
...
Merges the two calls to `psa_copy_key_material_into_slot.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-23 16:20:45 +00:00
Yanray Wang
3781ab40fb
tls13: early_data: cli: remove nst_ prefix
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-23 18:17:14 +08:00
Yanray Wang
d012084e91
tls13: early_data: cli: optimize code
...
- remove unnecessary check
- using local variable session
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-23 16:38:20 +08:00
Yanray Wang
690ee81533
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-11-23 10:31:26 +08:00
Gilles Peskine
3f5e1e81b2
Merge pull request #8440 from yuhaoth/pr/fix-missing-pre_shared_key-ext-sent-mask
...
Fix missing pre shared key ext sent mask
2023-11-22 16:40:12 +00:00
Yanray Wang
554ee62fba
tls13: early_data: fix wrong debug_ret message
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 18:55:03 +08:00
Yanray Wang
5da8ecffe6
tls13: nst early_data: remove duplicate code
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 18:52:21 +08:00
Yanray Wang
1136fad126
ssl_tls: improve readability in ssl_*_preset_*_sig_algs
...
- fix wrong comment in #endif
- no semantics changes
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 17:41:52 +08:00
Jerry Yu
87b5ed4e5b
Add server side end-of-early-data handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
Jerry Yu
7d8c3fe12c
Add wait flight2 state.
...
The state is come from RFC8446 section A.2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
Jerry Yu
4e9b70e03a
Add early transform computation when accepted
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
Yanray Wang
69ceb391a0
ssl_tls: remove RSA sig-algs in ssl_tls12_preset_suiteb_sig_algs
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 16:32:55 +08:00
Yanray Wang
b1f60163ba
ssl_tls: remove RSA sig-algs in ssl_preset_suiteb_sig_algs
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 16:28:54 +08:00
Yanray Wang
fd25654311
ssl_tls: remove unnecessary guard
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 10:33:11 +08:00
Yanray Wang
365ee3eaa9
ssl_tls: return correct error code if mbedtls_calloc fails
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 10:33:11 +08:00
Yanray Wang
920db45818
tls13: early_data: support to parse max_early_data_size ext
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 10:33:11 +08:00
Dave Rodgman
e467d62042
Add casts for NEON
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
c37ad4432b
misc type fixes in ssl
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
df4d42106a
Use standard byte conversion fns in lms
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
a3d0f61aec
Use MBEDTLS_GET_UINTxx_BE macro
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
b2e8419b50
Fix types in entropy_poll.c
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
e4a6f5a7ec
Use size_t cast for pointer subtractions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Manuel Pégourié-Gonnard
d4dc354185
Merge pull request #8541 from yanrayw/issue/ssl-fix-missing-guard
...
ssl_tls: add missing macro guard
2023-11-21 14:57:47 +00:00
Ryan Everett
9f176a2766
Fix status assignments when loading persistent keys
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-21 11:49:57 +00:00
Jerry Yu
60e997205d
replace check string
...
The output has been changed
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
Jerry Yu
713ce1f889
various improvement
...
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
Jerry Yu
d84c14f80c
improve code style
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
9cb953a402
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
8e0174ac05
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
472a69260b
fix build failure
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:20 +08:00
Jerry Yu
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
342a555eef
rename ticket received
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef
rename ticket_creation
to ticket_creation_time
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
46c7926f74
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
28e7c554f4
Change the bottom of tolerance window
...
The unit of ticket time has been changed to milliseconds.
And age difference might be negative
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
31b601aa15
improve comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d
Replace start
with ticket_creation
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d
fix various issues
...
- Add comments for ticket test hooks
- improve code style.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446
change time unit of ticket to milliseconds
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Valerio Setti
d0eebc1f94
ccm/gcm: improve code maintainability
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-20 15:17:53 +01:00
Gilles Peskine
473ff34d59
Merge pull request #8489 from valeriosetti/issue8482
...
Make CCM* and CCM independent
2023-11-20 14:07:14 +00:00
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
...
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
Paul Elliott
5fa986c8cb
Move handling of mutex->is_valid into threading_helpers.c
...
This is now a field only used for testing.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:13:05 +00:00
Ryan Everett
975d411d92
Only set slot to OCCUPIED on successful key loading
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-16 13:37:51 +00:00
Valerio Setti
9b7a8b2a0c
ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 11:48:00 +01:00
Yanray Wang
19e4dc8df7
tls: fix unused parameter in mbedtls_ssl_cipher_to_psa
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 18:05:51 +08:00
Yanray Wang
1a369d68aa
ssl_tls: add missing guard for mbedtls_ssl_cipher_to_psa
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 15:17:33 +08:00
Manuel Pégourié-Gonnard
dc848955d6
Merge pull request #8519 from mpg/block-cipher
...
[G2] Add internal module block_cipher
2023-11-15 11:53:22 +00:00
Valerio Setti
5e378d70e6
ssl_misc: remove DES from the list of key types supporting CBC
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-15 09:18:14 +01:00
Dave Rodgman
cba4091581
Merge pull request #8516 from mschulz-at-hilscher/fixes/divided-assembler-syntax-error-gcc493
...
Fixes invalid default choice of thumb assembler syntax.
2023-11-14 17:57:37 +00:00
Matthias Schulz
90c8c3235b
Update library/constant_time_impl.h
...
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
2023-11-14 16:35:50 +01:00
Matthias Schulz
3f80ffb9ff
Update library/constant_time_impl.h
...
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
2023-11-14 16:35:45 +01:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323
...
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
2023-11-14 11:39:06 +00:00
Yanray Wang
c43479103a
aesce: fix unused parameter
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-14 11:09:56 +08:00
Matthias Schulz
e94525bd17
Updated comments.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-13 14:01:02 +01:00
Matthias Schulz
35842f52f2
Simplified check.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-13 13:57:05 +01:00
Ryan Everett
34d6a5c3df
Move enum definition to satisfy check_names.py
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-13 09:52:12 +00:00
Matthias Schulz
ca8981c1ee
Added proposed fixes
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-13 10:04:19 +01:00
Matthias Schulz
be1e9c5951
Pop only when pushed.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-13 09:33:33 +01:00
Tom Cosgrove
08ea9bfa1f
Merge pull request #8487 from yanrayw/issue/6909/rename_tls13_conf_early_data
...
TLS 1.3: Rename early_data and max_early_data_size configuration function
2023-11-10 19:35:46 +00:00
Manuel Pégourié-Gonnard
76fa16cab3
block_cipher: add encrypt()
...
Test data copied from existing test suites.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 12:14:53 +01:00
Manuel Pégourié-Gonnard
3e0884fc53
block_cipher: add setkey()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 11:52:10 +01:00
Yanray Wang
0287b9d260
padlock.c: guard mbedtls_padlock_xcryptcbc by CIPHER_MODE_CBC
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 18:21:22 +08:00
Manuel Pégourié-Gonnard
21718769d1
Start adding internal module block_cipher.c
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 11:21:17 +01:00
Yanray Wang
cd25d22526
cipher.c: remove checks for CBC,XTS,KW,KWP in cipher_setkey
...
We have checks for CBC, XTS and KW modes in check_config.h. This
means we should never get a successful build with above three modes.
Therefore, the checks in cipher_setkey is not necessary as other
error will be emitted if asking for those modes in the cipher.
Additionally, removing the checks can save extra code size.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 15:40:58 +08:00
Valerio Setti
01c4fa3e88
ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h
...
This is useful to properly define MBEDTLS_PSK_MAX_LEN when
it is not defined explicitly in mbedtls_config.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Yanray Wang
111159b89c
BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 15:03:23 +08:00
Matthias Schulz
5ffc42442d
Fix preprocessor syntax error.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-09 15:44:24 +01:00
Matthias Schulz
2e068cef09
fixes invalid default choice of thumb assembler syntax.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-09 15:25:52 +01:00
Matthias Schulz
ee10b8470a
Fix compiler error on gcc 4.5.2.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-09 15:19:28 +01:00
Matthias Schulz
9916b06ce7
Fix uninitialized variable warnings.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-09 14:25:01 +01:00
Manuel Pégourié-Gonnard
7d7ce0e66a
Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls
...
[G3] Driver-only cipher+aead: TLS: main test suite
2023-11-09 11:10:34 +00:00
Yanray Wang
f03b49122c
aes.c: guard RSb and RTx properly
...
If we enabled AES_DECRYPT_ALT and either AES_SETKEY_DEC_ALT or
AES_USE_HARDWARE_ONLY, this means RSb and RTx are not needed.
This commit extends how we guard RSb and RTx for the combinations of
these configurations.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-09 11:43:21 +08:00
Gilles Peskine
4dec9ebdc2
Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377
...
Fixes "CSR parsing with critical fields fails"
2023-11-08 18:07:04 +00:00
Dave Rodgman
0d22539de0
Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr
...
Mbed TLS 3.5.1
2023-11-08 18:01:32 +00:00
Ryan Everett
5567e3a34b
Make empty key slots explicit
...
Add new status field to key slots, and use it.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-08 13:28:20 +00:00
Dave Rodgman
28d40930ae
Restore bump version
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:08 +00:00
Yanray Wang
004a60c087
aes.c: remove non-functional code
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 19:05:31 +08:00
Pengyu Lv
2bd56de3f4
ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros
...
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 14:21:19 +08:00
Pengyu Lv
65458fa969
ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h
...
Done by commands:
```
sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 12:16:29 +08:00
Pengyu Lv
829dd2048a
ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c
...
Mainly done by the commands, with some manual adjust.
```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 12:01:26 +08:00
Pengyu Lv
f1b86b088f
ssl: add macro to indicate CBC mode is available
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 11:28:42 +08:00
Pengyu Lv
e870cc8c86
ssl: add macro for available key types
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 11:28:36 +08:00
Tom Cosgrove
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
...
TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension
2023-11-07 13:59:13 +00:00
Yanray Wang
4995e0c31b
cipher.c: return error for ECB-decrypt under BLOCK_CIPHER_NO_DECRYPT
...
- fix remaining dependency in test_suite_psa_crypto.data
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 17:51:32 +08:00
Tom Cosgrove
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination
...
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
2023-11-07 09:26:21 +00:00
Jerry Yu
7cca7f6820
move ext print to the end of write client hello
...
pre_shared_key extension is done at the end. The
information should be print after that
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 15:19:13 +08:00
Jerry Yu
1ccd6108e8
Revert "fix miss sent extensions mask"
...
This reverts commit 06b364fdfd
.
It has been set in write_binders
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:57:44 +08:00
Jerry Yu
7ef9fd8989
fix various issues
...
- Debug message
- Improve comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:31:37 +08:00
Jerry Yu
2bea94ce2e
check the ticket version unconditional
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:18:17 +08:00
Yanray Wang
0751761b49
max_early_data_size: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24
early data: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Pengyu Lv
44670c6eda
Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption"
...
This reverts commit dadeb20383
.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 09:58:53 +08:00
Dave Rodgman
4b67ac8adf
Merge pull request #8444 from Mbed-TLS/cvv-code-size
...
code size for mbedtls_cipher_validate_values
2023-11-06 12:50:37 +00:00
Yanray Wang
0d76b6ef76
Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT
...
If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is
still requested in some incompatible modes, we return an error of
FEATURE_UNAVAILABLE as additional indication.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-06 10:02:10 +08:00
Yanray Wang
de0e2599ad
cipher_wrap.c: remove unnecessary NO_DECRYPT guard for DES
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-06 10:02:10 +08:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
...
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
Dave Rodgman
4eb44e4780
Standardise some more headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 12:15:12 +00:00
Dave Rodgman
ce38adb731
Fix header in ssl_tls13_keys.c
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 10:29:25 +00:00
Dave Rodgman
f8be5f6ade
Fix overlooked files
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 20:43:00 +00:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Dave Rodgman
e91d7c5d68
Update comment to mention IAR
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 10:36:38 +00:00
Dave Rodgman
b351d60e99
Merge remote-tracking branch 'origin/development' into msft-aarch64
2023-11-01 13:20:53 +00:00
Jerry Yu
960b7ebbcf
move psk check to EE message on client side
...
early_data extension is sent in EE. So it should
not be checked in SH message.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:18 +08:00
Jerry Yu
82fd6c11bd
Add selected key and ciphersuite check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
Jerry Yu
ce3b95e2c9
move ticket version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
Jerry Yu
454dda3e25
fix various issues
...
- improve output message
- Remove unnecessary checks
- Simplify test command
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:28:43 +08:00
Dave Rodgman
9ba640d318
Simplify use of __has_builtin
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:34:02 +00:00
Dave Rodgman
90c8ac2205
Add case for MSVC
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:27:24 +00:00
Dave Rodgman
64bdeb89b9
Use non-empty definition for fallback
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:27:04 +00:00
Dave Rodgman
52e7052b6c
tidy up comments
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:26:44 +00:00
Dave Rodgman
3e5cc175e0
Reduce code size in mbedtls_cipher_validate_values
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 18:00:01 +00:00
Dave Rodgman
6d2c1b3748
Restructure mbedtls_cipher_validate_values
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 18:00:01 +00:00
Dave Rodgman
fb24a8425a
Introduce MBEDTLS_ASSUME
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 17:59:56 +00:00
Yanray Wang
b67b47425e
Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-10-31 17:22:06 +08:00
Pengyu Lv
dbd1e0d986
tls13: add helpers to check if psk[_ephemeral] allowed by ticket
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 10:17:17 +08:00
Pengyu Lv
29daf4a36b
tls13: server: fully check ticket_flags with available kex mode.
...
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9
back.
Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 09:34:14 +08:00
Dave Rodgman
b06d701f56
Merge pull request #8406 from beni-sandu/aesni
...
AES-NI: use target attributes for x86 32-bit intrinsics
2023-10-30 17:01:06 +00:00
Tom Cosgrove
3857bad9a2
Merge pull request #8427 from tom-cosgrove-arm/fix-linux-builds-in-conda-forge
...
Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
2023-10-30 15:29:26 +00:00
Valerio Setti
467271dede
ssl_misc: ignore ALG_CBC_PKCS7 for MBEDTLS_SSL_HAVE_xxx_CBC
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:40:32 +01:00
Valerio Setti
1ebb6cd68d
ssl_misc: add internal MBEDTLS_SSL_HAVE_[AES/ARIA/CAMELLIA]_CBC symbols
...
These are used in tests to determine whether there is support for
one of those keys for CBC mode.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Jerry Yu
06b364fdfd
fix miss sent extensions mask
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-30 17:18:42 +08:00
Pengyu Lv
cfb23b8090
tls13: server: parse pre_shared_key only when some psk is selectable
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-30 15:26:26 +08:00
Beniamin Sandu
800f2b7c02
AES-NI: use target attributes for x86 32-bit intrinsics
...
This way we build with 32-bit gcc/clang out of the box.
We also fallback to assembly for 64-bit clang-cl if needed cpu
flags are not provided, instead of throwing an error.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
2023-10-27 17:02:22 +01:00
Valerio Setti
36fe8b9f4b
psa_crypto_cipher: add guard for unused variable
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:13:33 +02:00
Valerio Setti
1e21f26d88
psa_crypto_cipher: add helper to validate PSA cipher values
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:13:33 +02:00
Valerio Setti
4a249828a8
psa_crypto_cipher: add mbedtls_cipher_values_from_psa()
...
This commit splits mbedtls_cipher_info_from_psa() in 2 parts:
- mbedtls_cipher_values_from_psa() that performs parameters' validation and
return cipher's values
- mbedtls_cipher_info_from_psa() which then use those values to return
the proper cipher_info pointer. Of course this depends on CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
Valerio Setti
2c2adedd82
psa_crypto_aead: add guard for CIPHER_C dependency
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
Jerry Yu
71c14f1db6
write early data indication in EE msg
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-27 10:52:49 +08:00
Jerry Yu
985c967a14
tls13: add more checks for server early data
...
- check if it is enabled
- check if it is psk mode
- check if it is resumption
- check if it is tls13 version
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-27 10:52:27 +08:00
Bence Szépkúti
51328162e6
Merge pull request #8374 from sergio-nsk/sergio-nsk/8372/2
...
Fix compiling AESNI in Mbed-TLS with clang on Windows
2023-10-26 21:21:01 +00:00
Dave Rodgman
2db1e354e3
Merge pull request #8408 from daverodgman/iar-fix-aes
...
Fix MBEDTLS_MAYBE_UNUSED for IAR
2023-10-26 15:53:11 +00:00
Gilles Peskine
b3d0ed2e6e
Merge pull request #8303 from valeriosetti/issue6316
...
Add test component with all ciphers and AEADs accelerated only
2023-10-26 15:53:10 +00:00
Tom Cosgrove
257f6dd57d
Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
...
Fixes #8422
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-10-26 14:04:34 +01:00
Ronald Cron
95b735530c
Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello
...
TLS 1.3: EarlyData SRV: Add early data extension parser.
2023-10-26 08:31:53 +00:00
Valerio Setti
bbc46b4cc2
cipher: improve code readibility in mbedtls_cipher_setup()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-26 09:00:21 +02:00
Dave Rodgman
6e51abf11d
Merge remote-tracking branch 'origin/development' into msft-aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 15:17:11 +01:00
Dave Rodgman
d1c4fb07ee
Support older IAR versions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 15:07:35 +01:00
Valerio Setti
79a02de79f
cipher: check that ctx_alloc_func is not NULL before calling it
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-25 12:03:36 +02:00
Valerio Setti
a6c0761c43
cipher_wrap: fix guards for GCM/CCM AES
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-25 12:03:36 +02:00
Valerio Setti
e86677d0c3
pkparse: fix missing guards for pkcs5/12 functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-25 12:03:36 +02:00
Dave Rodgman
5e41937eba
Remove dependency on asm/hwcap.h
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
9fd1b526c3
Use MBEDTLS_ARCH_IS_ARMV8_A not MBEDTLS_ARCH_IS_ARMV8
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
cb5c9fb0c2
Add volatile to prevent asm being optimised out
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
b34fe8b88b
Fix #error typo
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
90291dfe33
Share some definitions that are common for clang and GCC 5
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
46267f6a2d
Tidy-up: move GCM code into one place
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00