Commit graph

21061 commits

Author SHA1 Message Date
Ronald Cron
b72dac4ed7 Fix PSA identifier of RSA_PKCS1V15 signing algorithms
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 09:25:47 +02:00
Ronald Cron
50969e3af5 ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Ronald Cron
277cdcbcde ssl-opt.sh: tls13 opaque key: Enable client authentication
Enable client authentication in TLS 1.3 opaque
key tests to use the opaque key on client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
e3196d270c ssl-opt.sh: tls13 opaque key: Do not force version on client side
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
6ec2123bf3 ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests
Align prefix of TLS 1.3 opaque key tests
with the prefix of the othe TLS 1.3 tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
38391bf9b6 tls13: Do not impose minimum hash size for RSA PSS signatures
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.

We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:29:41 +02:00
Ronald Cron
67ea2543ed tls13: server: Add sig alg checks when selecting best certificate
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
Przemek Stekiel
c454aba203 ssl-opt.sh: add tests for key_opaque_algs option
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:22:29 +02:00
Przemek Stekiel
632939df4b ssl_client2: print pk key name when provided using key_opaque_algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
dca224628b ssl_tls13_select_sig_alg_to_psa_alg: optimize code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
f937e669bd Guard new code with MBEDTLS_USE_PSA_CRYPTO
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
3c326f9697 Add function to convert sig_alg to psa alg and use it
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
b40f2e81ec TLS 1.3: Take into account key policy while picking a signature algorithm
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:10:19 +02:00
Manuel Pégourié-Gonnard
409a620dea
Merge pull request #6255 from mprse/md_tls13
Driver-only hashes: TLS 1.3
2022-09-15 10:37:46 +02:00
Manuel Pégourié-Gonnard
18dff1f226
Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake
Expose ECJPAKE through the PSA Crypto API
2022-09-15 09:25:55 +02:00
Ronald Cron
62e24ba186
Merge pull request #6260 from yuhaoth/pr/add-multiple-pre-config-psks
TLS 1.3:Add multiple pre-configured psk test for server
2022-09-15 08:58:40 +02:00
Przemyslaw Stekiel
67ffab5600 ssl.h: use PSA hash buffer size when PSA is used
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 14:51:14 +02:00
Ronald Cron
208257b39f
Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
2022-09-14 14:21:46 +02:00
Przemyslaw Stekiel
ab9b9d4669 ssl_tls13_keys.h: use PSA max hash size
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 13:51:07 +02:00
Przemyslaw Stekiel
da6452578f ssl_tls13_generic.c: fix hash buffer sizes (use PSA_HASH_MAX_SIZE)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 12:50:51 +02:00
Neil Armstrong
6a12a7704d Fix typo in comment
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-14 12:17:42 +02:00
Jerry Yu
673b0f9ad3 Randomize order of psks
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 18:02:26 +08:00
Przemyslaw Stekiel
034492bd56 ssl.h: Fix hash guards
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 11:09:20 +02:00
Przemyslaw Stekiel
004c2181f0 ssl_misc.h: hash guards adaptations
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 11:00:57 +02:00
Manuel Pégourié-Gonnard
b2407f2b91
Merge pull request #6261 from mprse/hash_size_macro
Create MBEDTLS_MAX_HASH_SIZE in hash_info.h
2022-09-14 10:00:06 +02:00
Przemek Stekiel
ce0aa58fd9 check_config.h: make TLS1.3 requirements verification more readable
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
0852ef8b96 mbedtls_ssl_reset_transcript_for_hrr: remove redundant 'else' statement
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
8a2f2b0bd6 check_config.h: fix TLS 1.3 requirements (add HKDF_EXTRACT/EXPAND) and comments
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
dcec7ac3e8 test_psa_crypto_config_accel_hash_use_psa: enable tls.1.3 at the end and adapt comment
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
9408b70513 check_config.h: revert HKDF requirements
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
9dfbf3a006 ssl_tls13_generic.c: optimize code to save memory
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
153b442cc3 mbedtls_ssl_tls13_sig_alg_is_supported: adapt guards
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a06787a629 build_info.h: include config_psa.h also when MBEDTLS_PSA_CRYPTO_C
This is done to have PSA_WANT_xxx symbols available in check_config.h when MBEDTLS_PSA_CRYPTO_C.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a4af13a46c test_psa_crypto_config_accel_hash_use_psa: enable TLS 1.3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
cf9d972a9a Fix config for MBEDTLS_SSL_PROTO_TLS1_3
Remove MBEDTLS_HKDF_C as it is not needed since #5838

Reasoning: we need SHA-256 or SHA-384 via PSA because they're used by HKDF which is now always done via PSA. If in addition to that USE_PSA is enabled, then everything is done via PSA so that's enough. Otherwise, we need the software implementation of SHA-256 or SHA-384, plus MD_C because we're using a VIA_MD_OR_PSA_BASED_ON_USE_PSA as discussed above.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a9a8816107 ssl.h: adapt guards for MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
47e3cb1875 ssl_tls13_generic.c: adapt guards for MBEDTLS_SHAxxx_C
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Neil Armstrong
fa84962296 Add comment explaining PSA PAKE vs Mbedtls J-PAKE API matching strategy
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 15:19:56 +02:00
Neil Armstrong
3d4966a5cb Move possible input/output steps check inside PSA_ALG_JPAKE handling
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 15:19:56 +02:00
Neil Armstrong
017db4cdda Drop calls to mbedtls_ecjpake_check()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 15:19:56 +02:00
Neil Armstrong
1d0294f6ed Clarify sequence length calculation comment
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 15:19:56 +02:00
Neil Armstrong
cb679f23bc Replace 0s with proper defines when possible
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-13 14:43:07 +02:00
Przemek Stekiel
5166954d14 Make more use of MBEDTLS_MAX_HASH_SIZE macro
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 12:57:05 +02:00
Dave Rodgman
8cc46aa22c
Merge pull request #6275 from daverodgman/fixcopyright
Correct copyright and license in crypto_spe.h
2022-09-13 11:23:52 +01:00
Manuel Pégourié-Gonnard
f498910383
Merge pull request #6256 from AndrzejKurek/tls-tests-no-md-ssl-opt
ssl-opt.sh with PSA-based hashing
2022-09-13 10:37:48 +02:00
Dave Rodgman
53a18f23ac Correct copyright and license in crypto_spe.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-12 17:57:32 +01:00
Andrzej Kurek
0bc834b27f Enable signature algorithms in ssl programs with PSA based hashes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Andrzej Kurek
d681746a51 Split some ssl-opt.sh test cases into two
There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE
that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Andrzej Kurek
07e3570f8c Add an ssl-opt.sh run to all.sh for the accel_hash_use_psa config
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00