Commit graph

18753 commits

Author SHA1 Message Date
Przemyslaw Stekiel
76e1583483 Convert psa status to mbedtls
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
11a33e6d90 Use PSA_BITS_TO_BYTES macro to convert key bits to bytes
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ae77b0ab28 mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ffccda45df ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ce37d11c67 mbedtls_ssl_transform_free(): fix destruction of psa keys
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
8f80fb9b1d Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
44187d7a3e Extend mbedtls_ssl_transform struct for psa keys and alg
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
430f337b49 Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size.
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Manuel Pégourié-Gonnard
69bb3f5332 Move hmac_non_psa out of psa/ directory
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 13:09:47 +01:00
Manuel Pégourié-Gonnard
248b385f1b Add comments to AEAD (non-PSA) examples
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:56:39 +01:00
Manuel Pégourié-Gonnard
6349794648 Demonstrate better practices in HMAC examples
- avoid hardcoded sizes when there's a macro for that
- avoid mutable global variables
- zeroize potentially-sensitive local buffer on exit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:30:02 +01:00
Manuel Pégourié-Gonnard
f392a02c50 Add comments to the HMAC (non-)PSA examples
Also clean up / align the structure on existing examples.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:06:07 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys
Swap the client and server random for TLS 1.3 f_export_keys
2022-01-28 12:09:19 +00:00
Manuel Pégourié-Gonnard
fd1d13c8bd Avoid requiring too much C99 support
MSVC 2013, still supported and used in our CI, did not support that.

   aead_psa.c(78): error C2099: initializer is not a constant
   aead_psa.c(168): error C2057: expected constant expression
   aead_psa.c(168): error C2466: cannot allocate an array of constant size 0
   aead_psa.c(168): error C2133: 'out' : unknown size
   aead_psa.c(169): warning C4034: sizeof returns 0

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 12:52:35 +01:00
Manuel Pégourié-Gonnard
7d5ef1731b Split aead_cipher_psa
Same as previous commit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 12:49:37 +01:00
Gilles Peskine
24b781da3c
Merge pull request #5473 from mpg/rm-dead-code
Avoid dead code in some configurations
2022-01-28 12:14:37 +01:00
Xiaofei Bai
6d42bb430c Update mbedtls_ssl_handshake_free()
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard
f7d704dbd2 Avoid dead code in some configurations
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 10:05:56 +01:00
Xiaofei Bai
f5b4d25cfa Add received_sig_algs member to struct mbedtls_ssl_handshake_params
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-28 06:37:15 +00:00
Jerry Yu
fb28b88e26 move client_auth to handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-28 11:05:58 +08:00
lhuang04
a3890a3427 Swap the client and server random for TLS 1.3
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-01-27 06:00:43 -08:00
Manuel Pégourié-Gonnard
edf6e83cbc Split hmac_md_psa.c
Having two programs might make comparison easier, and will make it
easier to people to use just the PSA one as an example.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:36:39 +01:00
Manuel Pégourié-Gonnard
1a45c713f0 Fix cleanup code
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:22:28 +01:00
Manuel Pégourié-Gonnard
3aae30c224 Use PSA macros for buffer sizes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard
beef9c231c Use better names for dummy data
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard
428a97ed47 Improve option names
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 11:36:03 +01:00
Manuel Pégourié-Gonnard
0e725c33d4 Improve introductory comments.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 11:35:05 +01:00
Jerry Yu
7ce0f2aa6b Wrap client_auth.
The variable is used for client side only

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-27 18:26:06 +08:00
Ronald Cron
fedefdd6f9
Merge pull request #5276 from xkqian/add_hello_retry_request
Add hello retry request in client side
2022-01-27 11:17:10 +01:00
XiaokangQian
8499b6ce25 Only free verify_cookie in tls 1.3 case.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 09:00:11 +00:00
Xiaofei Bai
82f0a9a1db Rebase and address review comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-27 07:53:52 +00:00
XiaokangQian
a909061c2a Refine HRR parse successfully message in test cases
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 03:48:27 +00:00
XiaokangQian
34909746df Change cookie free code and some comments
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 02:25:04 +00:00
Tautvydas Žilys
60165d7708 Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug.
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-26 15:44:10 -08:00
XiaokangQian
52da558103 Change code base on comments
Align the alert type in parse_server_hello
Remove MBEDTLS_SSL_COOKIE_C guard
Enable cookie for both DTLS and TLS1.3

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
aec1f3e913 Cookie fields are used only by DTLS 1.3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
7bae3b616c Add more ciphersuites into test cases for hrr
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
b119a35d07 Refine fatal alert in parse_server_hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
d59be77ce7 Refine code based on comments
Add comments for parse hrr key share and cookie
Change variable names based on RFC8466
Refine fatal allerts in parse server hello and hrr

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
0ece998287 Refine code in mbedtls_ssl_reset_transcript_for_hrr
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
f1e7d12cb6 Fix compile issues in mbedtls_ssl_session_reset_msg_layer
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
43550bd761 Prepare function to parse hrr cookie extension
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
2b01dc30cb Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d Change code base on comments
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81 Update code base on comments
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
53f20b71c5 Improve ssl_tls13_parse_server_hello
Avoid coping random bytes in hrr
Send illegal parameter alert when cipher suite mismatch
Send illegal parameter alert when supported_version not exist

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
6db08dd2cb Change ssl-opt.sh to make hrr tests pass
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
d9e068e10b Change code based on comments
Align coding styles
Add hrr parameter for ssl_tls13_parse_server_hello
Add reset steps for SHA384 in HRR

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
8945db36ab Reduce paramter hrr from ssl_tls13_parse_server_hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
b48894eca4 Add buffer check for named group
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00