Gilles Peskine
42d78c73b7
Merge pull request #8550 from gabor-mezei-arm/tf_psa_crypto_change_log_support
...
Modify changelog assembly to work with tf-psa-crypto
2023-12-06 18:25:49 +00:00
Gilles Peskine
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441
...
[G4] Make CTR-DRBG fall back on PSA when AES not built in
2023-12-06 18:25:44 +00:00
David Horstmann
4749007f64
Fix possible integer overflows before widening
...
When calculating a result to go into an mbedtls_ms_time_t, make sure
that arithmetic is performed at the final size to prevent overflow.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-06 17:22:53 +00:00
Valerio Setti
202bb71dcd
ssl_tls12_server: do not export/import opaque keys
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 17:05:24 +01:00
Bence Szépkúti
0354d04d3c
Do not run Valgrind tests in PR jobs
...
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-12-06 16:14:37 +01:00
Valerio Setti
acd7bafcbb
driver-only-build: update AEADs section
...
Note: this section shouldn't actually be updated in #8357 , but
rather in #8358 which is the wrapup related to cipher and AEADs
accelaration. As a consequence we start the AEAD section with
a disclaimer explaining that the information written there will
be updated soon by a follow up PR.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 15:17:12 +01:00
Manuel Pégourié-Gonnard
d9c69d12ac
Merge pull request #8513 from mschulz-at-hilscher/feature/explicitly-accessing-private-fields-in-benchmark
...
Explicitly accessing private fields in benchmark
2023-12-06 11:06:32 +00:00
Manuel Pégourié-Gonnard
ad4f0ada37
Merge pull request #8514 from mschulz-at-hilscher/fixes/uninitialized-variable-in-ssl_msg
...
Fix uninitialized variable warnings in ssl_msg.c
2023-12-06 11:06:03 +00:00
Valerio Setti
1e3fcc5692
config-tfm: fix typo in comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 11:56:08 +01:00
Valerio Setti
69402fd6a2
changelog: fix typos and working
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 11:32:10 +01:00
Xiaokang Qian
ae952174a7
Enable early data depend on whether the early data file exist
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 10:27:27 +00:00
Jerry Yu
750e06743f
remove misbehavior tests and code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:22:15 +08:00
Jerry Yu
95648b0134
Some minor improvement
...
- move early data check to `prepare`
- avoid `((void) output_len)
- replace check with `session_ticket_allow` in 2nd place
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:16 +08:00
Jerry Yu
c59c586ac4
change prototype of write_early_data_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:15 +08:00
Jerry Yu
163e12f7ff
remove assignment for session->max_early_data_size
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:09 +08:00
Jerry Yu
ebe1de62f9
fix various issue
...
- rename connection time variable
- remove unnecessary comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:25 +08:00
Jerry Yu
9e7f9bc253
Add missing debug message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:22 +08:00
Jerry Yu
db97163ac7
add ticket max_early_data_size check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:13 +08:00
Jerry Yu
5233539d9f
share write_early_data_ext function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:50 +08:00
Jerry Yu
0069abc141
improve comments of new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:46 +08:00
Jerry Yu
1a160703f8
set max_early_data_size of ticket to keep consistent
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:43 +08:00
Jerry Yu
f135bac89c
Add max_early_data_size check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:39 +08:00
Jerry Yu
930ce4cfac
Revert "change max_early_data_size source"
...
This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:36 +08:00
Jerry Yu
2f5d93b1c9
Revert "set init value for max_early_data_size in session"
...
This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:33 +08:00
Jerry Yu
d450fd25ae
change max_early_data_size source
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:31 +08:00
Jerry Yu
525990fb62
set init value for max_early_data_size in session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:28 +08:00
Jerry Yu
db6fda71e5
improve early data comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:51 +08:00
Jerry Yu
10795a0c3b
replace ticket permission set
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:48 +08:00
Jerry Yu
c2b1bc4fb6
replace early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:46 +08:00
Jerry Yu
4da7c22cd6
add early data flag check function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:44 +08:00
Jerry Yu
ea96ac3da9
fix various issues
...
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
Jerry Yu
3db60dfe5e
rename nst early data write function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:56 +08:00
Jerry Yu
391c943340
Add tests for ticket early data permission bit
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:48 +08:00
Jerry Yu
3c2b21ed0e
Enable multi max_early_data_size value for connections
...
For test purpose, we set different value for each
session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:56 +08:00
Jerry Yu
fceddb310e
Add early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:54 +08:00
Jerry Yu
01da35e2c8
add early data extension of NST
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:52 +08:00
Valerio Setti
bced8bc8d7
ssl_tls12_server: export/import PK parsed key in TLS side
...
Instead of setting both algorithm and enrollement algorithm in the
PK module when parsing the key:
- for Weierstrass keys we only set ECDSA algorithm,
- for Montgomery keys we don't set any algorithm.
Reasons:
- PK module can only do ECDSA and not ECDH
- ECDH is only used in TLS
- Montgomery keys cannot be used to do ECDSA, while Weierstrass ones
can do both ECDSA and ECDH.
So the idea is that once TLS needs the key to do ECDH (either Weierstrass
and Montgomery), it exports the one parsed from the PK module and then
re-imports it setting proper algorithm and flags. In this way the TLS
module will own the new key so it will be its duty to clear it on
exit.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 10:40:47 +01:00
Xiaokang Qian
611c717c02
Sync the early_data option with internal parameters in ssl_client2
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 09:24:58 +00:00
Valerio Setti
fbbafa0d2d
pkparse: do not set key algorithm for Montgomery keys in pk_ecc_set_key()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 10:07:34 +01:00
Xiaokang Qian
f8fe11d14d
Remove the generic file read functions and simply the early data read
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 07:40:50 +00:00
Ronald Cron
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data
...
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
2023-12-06 06:47:32 +00:00
Xiaokang Qian
eaebedb30b
Refine the detect code to enable early data or not
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:55:16 +00:00
Xiaokang Qian
b1db72923e
Rename the generic read functions to ssl_read_file_text
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:33:38 +00:00
Xiaokang Qian
6c678d7543
Improve the comments of early data input
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:20:51 +00:00
Jerry Yu
42020fb186
revert output message which used by testing
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 17:35:53 +08:00
Ronald Cron
a1e867c676
Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment
...
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
2023-12-05 08:31:24 +00:00
Valerio Setti
4ac2c18834
pk_wrap: try both ECDSA signature schemes in ecdsa_sign_psa()
...
Instead of extracting key's properties in order to check whether it
supports deterministic or non-deterministic ECDSA, we try both.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-05 07:59:01 +01:00
Xiaokang Qian
70fbdcf904
Change early data flag to input file
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-05 05:50:08 +00:00
Jerry Yu
ebb1b1d48f
fix ci test failure
...
"skip parse certificate verify" can not be changed.
It is used in `Authentication: client badcert, server none`
test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 11:02:15 +08:00
Jerry Yu
b55f9eb5c5
fix various issues
...
- remove unnecessary statements
- improve macro name
- improve output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 10:27:17 +08:00