Andrzej Kurek
b510cd2c50
Fix a copy-paste error - wrong macro used
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:50:22 -04:00
Andrzej Kurek
5603efd525
Improve readability and formatting
...
Also use a sizeof instead of a constant for zeroization, as
requested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:49:16 -04:00
Andrzej Kurek
7763829c5c
Add missing ifdef when calculating operation capacity
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 12:24:52 -04:00
Andrzej Kurek
3c4c514302
Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:24:14 -04:00
Andrzej Kurek
b093650033
Add proper capacity calculation for EC J-PAKE to PMS KDF
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:13:00 -04:00
Andrzej Kurek
702776f7cc
Restrict the EC J-PAKE to PMS input type to secret
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 06:22:44 -04:00
Andrzej Kurek
d60907b85d
Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 14:57:51 -04:00
Andrzej Kurek
08d34b8693
Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2
...
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978 .
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:26 -04:00
Andrzej Kurek
216baca131
pkcs5: improve error handling
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:15:34 -04:00
Andrzej Kurek
e3d544c58f
Minor PKCS5 improvements
...
Add consts, more elegant size calculation and
variable initialization.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:07:15 -04:00
Andrzej Kurek
3d0dfb99c9
Change the pkcs5_pbkdf2_hmac deprecation approach
...
The shared part has now been extracted and will
be used regardless of the deprecation define.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:07:15 -04:00
Andrzej Kurek
f000471c66
Add missing MD dependency for pkcs5_pbkdf2_hmac
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:07:15 -04:00
Andrzej Kurek
ed98e95c81
Adjust pkcs5 test dependencies
...
Hashing via PSA is now supported
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Andrzej Kurek
890e78ae66
Deprecate mbedtls_pkcs5_pbkdf2_hmac
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Andrzej Kurek
dd36c76f09
Provide a version of pkcs5_pbkdf2_hmac without MD usage
...
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard
97fc247d6a
Merge pull request #6232 from AndrzejKurek/pkcs12-no-md
...
Remove MD dependency from pkcs12 module
2022-09-02 09:43:13 +02:00
Andrzej Kurek
e16e6edfce
Remove the dependency on MD_MAX_SIZE from PKCS12
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-01 08:57:59 -04:00
Andrzej Kurek
7bd12c5d5e
Remove MD dependency from pkcs12 module
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-01 08:57:41 -04:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
...
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Jerry Yu
1e05b6dd6d
fix coding style and unnecessary assignment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 10:35:52 +08:00
Manuel Pégourié-Gonnard
bf22a2500b
Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured
...
Remove the dependency on MD from TLS 1.2 tests
2022-08-30 12:34:37 +02:00
Dave Rodgman
0edfa9dd26
Merge pull request #6207 from daverodgman/ticket_time
...
Fix type used for capturing TLS ticket generation time
2022-08-30 10:03:06 +01:00
Jerry Yu
e5834fd0d7
remove unnecessary test
...
also optimize check sum
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-29 20:33:33 +08:00
Jerry Yu
0baf907e11
remove select_ciphersuite
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:21:04 +08:00
Jerry Yu
c5a23a0f12
fix various issues
...
- code style
- variable initialize
- update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:09:35 +08:00
Dave Rodgman
fac3ea5656
Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect
...
mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing
2022-08-24 15:16:45 +01:00
Tom Cosgrove
bcc13c943f
Add further missing whitespaces inside parentheses
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-24 15:08:16 +01:00
Tom Cosgrove
20c1137350
Fix coding style
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-24 15:06:13 +01:00
Dave Rodgman
5a28142410
Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit
...
ctr_drbg: fix free uninitialized aes context
2022-08-24 14:58:44 +01:00
Jerry Yu
f35ba384ff
Add select ciphersuite entry function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 22:01:58 +08:00
Jerry Yu
dd1bef788e
Add ciphersuite_info check
...
return null if no valid ciphersuite info
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:57:02 +08:00
Jerry Yu
29d9faa468
fix various issues.
...
- comments issues
- code format style issues
- naming improvement.
- error return improvements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:53:43 +08:00
Andrzej Kurek
299b1d6c93
Remove unnecessary psa/crypto.h
include
...
This is now included in `legacy_or_psa.h`.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:42:33 -04:00
Andrzej Kurek
cccb044804
Style & formatting fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Janos Follath
645ff5b8ff
Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures
...
Add the new modulus and the residue structures with low level I/O operations
2022-08-23 09:02:43 +01:00
Andrzej Kurek
7e16ce3a72
Clarify TLS 1.2 dependencies with and without PSA crypto
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
8c95ac4500
Add missing dependencies / alternatives
...
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate,
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
25f271557b
Update SHA and MD5 dependencies in the SSL module
...
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
0ce592169e
Use hash_info_get_size in ssl_tls12_client
...
This way the code does not rely on the MBEDTLS_MD_C define
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
a242e83b21
Rename the sha384 checksum context to reflect its purpose
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:02:04 -04:00
Gilles Peskine
e5018c97f9
Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake
...
Driver-only hashes: EC J-PAKE
2022-08-22 17:28:15 +02:00
Gilles Peskine
20ebaac85e
Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1
...
Be explicit about constant time bignum functions that must take a 0 or 1 condition value
2022-08-22 17:24:04 +02:00
Gilles Peskine
03f1c39ac7
Merge pull request #6171 from mprse/md_x509_test
...
Driver-only hashes: X.509
2022-08-22 17:18:47 +02:00
Janos Follath
2e328c8591
Remove confusing const qualifier
...
Since a is not a pointer, it is passed by value and declaring it const
doesn’t make any sense and on the first read can make me miss the fact
that a is not a pointer.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 11:19:10 +01:00
Janos Follath
c459641ad1
Bignum: add missing limb qualifiers
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 10:04:52 +01:00
Janos Follath
af3f39c01c
Fix typos
...
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <Werner.Lewis@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:08:04 +01:00
Jerry Yu
5725f1cf3a
Align ciphersuite with overwrite.
...
Selected ciphersuite MUST be same with ciphsersuite of PSK.
Overwrite the old ciphersuite with the one of PSK.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 17:50:27 +08:00
Jerry Yu
01e42d2d4c
fix issues in export handshake psk
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 13:00:07 +08:00
Jerry Yu
9f7f646b11
Revert "remove psk key when ephemeral selected"
...
This reverts commit 5c28e7aa0e
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
e9d4fc09a3
fix binder value security issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00