mbedtls

Author	SHA1	Message	Date
Ronald Cron	fd8cbda3ec	Remove ECDH code specific to TLS 1.3 ECDH operations in TLS 1.3 are now done through PSA. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Ronald Cron	fd6193c285	ssl_tls13_client: Add downgrade attack protection Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Ronald Cron	217d699d85	Fix Doxygen marks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:28:51 +02:00
Paul Elliott	a2da9c7e45	Merge pull request #5631 from gstrauss/enum-tls-vers Unify internal/external TLS protocol version enums	2022-04-19 17:05:26 +01:00
Tom Cosgrove	c144ca6473	Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration Fixes #5752 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-04-19 13:52:24 +01:00
Hanno Becker	606cb1626f	Add comment explaining structure of UMAAL assembly Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:59:33 +01:00
Hanno Becker	d46d96cc3f	Add 2-fold unrolled assembly for umaal based multiplication Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:19:55 +01:00
Hanno Becker	63eb28c728	Use separate counters for 8-fold and single multiplication steps Compilers are likely to generate shorter assembly for loops of the form `while( cnt-- ) { ... }` rather than `for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs a subtract+compare+branch after each loop, while the former only needs decrement+branch). Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:16:03 +01:00
Hanno Becker	eacf3b9eb4	Simplify organization of inline assembly for bignum Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:16:03 +01:00
Gilles Peskine	09dc05b880	Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail PSA: systematically test operation failure	2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard	63ed7cbf36	Merge pull request #5701 from hanno-arm/mpi_mul_hlp Make size of output in mpi_mul_hlp() explicit	2022-04-15 10:09:06 +02:00
Glenn Strauss	8315811ea7	Remove restrictive proto ver negotiation checks Overly restrictive protocol version negotiation checks might be "version intolerant". TLS 1.3 and DTLS 1.3 move the version to the "supported_versions" ClientHello extension. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	bbdc83b55b	Use mbedtls_ssl_protocol_version in public structs Use mbedtls_ssl_protocol_version in public structs, even when doing so results in a binary-incompatible change to the public structure (PR feedback from @ronald-cron-arm) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	cd78df6aa4	handshake->min_minor_ver to ->min_tls_version Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	041a37635b	Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks mbedtls no longer supports earlier TLS protocol versions Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	e3af4cb72a	mbedtls_ssl_(read\|write)_version using tls_version remove use of MBEDTLS_SSL_MINOR_VERSION_* remove use of MBEDTLS_SSL_MAJOR_VERSION_* (only remaining use is in tests/suites/test_suite_ssl.data) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	60bfe60d0f	mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller. Reduce size of mbedtls_ssl_ciphersuite_t members are defined using integral types instead of enums in order to pack structure and reduce memory usage by internal ciphersuite_definitions[] Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:12 -04:00
Glenn Strauss	2dfcea2b9d	mbedtls_ssl_config min_tls_version, max_tls_version Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible on little-endian platforms, but is compatible on big-endian platforms. For systems supporting only TLSv1.2, the underlying values are the same (=> 3). New setter functions are more type-safe, taking argument as enum mbedtls_ssl_protocol_version: mbedtls_ssl_conf_max_tls_version() mbedtls_ssl_conf_min_tls_version() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:39:43 -04:00
Glenn Strauss	da7851c825	Rename mbedtls_ssl_session minor_ver to tls_version Store the TLS version instead of minor version number in tls_version. Note: struct member size changed from unsigned char to uint16_t Due to standard structure padding, the structure size does not change unless alignment is 1-byte (instead of 2-byte or more) Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is compatible on little-endian platforms, but not compatible on big-endian platforms. The enum values for the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4, respectively. Note: care has been taken to preserve serialized session format, which uses only the lower byte of the TLS version. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:23:57 -04:00
Glenn Strauss	07c641605e	Rename mbedtls_ssl_transform minor_ver to tls_version Store the TLS version in tls_version instead of minor version number. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:23:54 -04:00
Glenn Strauss	dff84620a0	Unify internal/external TLS protocol version enums Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 13:45:20 -04:00
Hanno Becker	3577131bb4	Reintroduce trimming of input in mbedtls_mpi_mul_int() Removing the trimming has significant memory impact. While it is clearly what we want to do eventually for constant-time'ness, it should be fixed alongside a strategy to contain the ramifications on memory usage. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-14 11:52:11 +01:00
Neil Armstrong	769dc05597	Remove bad dependency on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED for ecdh_ctx guard Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-14 09:56:24 +02:00
Neil Armstrong	282750215c	Remove PSA only code from non-PSA code block code in ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:05:11 +02:00
Neil Armstrong	11d4945248	Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:03:43 +02:00
Neil Armstrong	1f198d8dee	Simplify by moving ssl_check_server_ecdh_params in the ECDHE non-PSA compile-time block Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:02:30 +02:00
Neil Armstrong	913b364a52	Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 14:59:48 +02:00
Manuel Pégourié-Gonnard	6c242a01f7	Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics PK Opaque RSA sign	2022-04-13 09:55:42 +02:00
Hanno Becker	0dbf04a9a6	Remove unnecessary memory operations in p25519 quasireduction Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-13 07:26:53 +01:00
Hanno Becker	1772e05fca	Reduce the scope of local variable in mbedtls_mpi_mul_mpi() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-13 07:26:53 +01:00
Hanno Becker	da763de7d0	Revert "Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()" This reverts commit `808e666eee`. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-13 07:26:42 +01:00
Hanno Becker	127fcabb21	Fail gracefully upon unexpectedly large input to p25519 reduction Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 22:18:36 +01:00
Neil Armstrong	62d452baac	Implement PK Opaque RSA PSS signature Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 15:11:49 +02:00
Neil Armstrong	f3f46416e3	Remove ecdh_ctx variable, init & free when USE_PSA_CRYPTO isn't selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:43:39 +02:00
Neil Armstrong	3ea01498d8	Store TLS1.2 ECDH point format only when USE_PSA_CRYPTO isn't selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:41:50 +02:00
Neil Armstrong	a33a255dcf	Disable non-PSA ECDHE code in mbedtls_ssl_psk_derive_premaster() when USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:40:47 +02:00
Neil Armstrong	d8419ff390	Refactor to make PSA and non-PSA ECDH(E) client code exclusive Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:39:16 +02:00
Neil Armstrong	d91526c17f	Refactor to make PSA and non-PSA ECDH(E) server code exclusive Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:38:52 +02:00
Manuel Pégourié-Gonnard	927410ded3	Merge pull request #5611 from superna9999/5318-tls-ecdhe-psk TLS ECDH 3a: ECDHE-PSK (both sides, 1.2)	2022-04-12 13:28:02 +02:00
Hanno Becker	bb04cb992f	Fix check in p25519 quasi-reduction Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:18:11 +01:00
Hanno Becker	d830feb256	Simplify check in p25519 quasi-reduction Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:10:19 +01:00
Hanno Becker	2ef0cff6c3	Fix size check in p25519 modular reduction The check was meant to precisely catch an underflow. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:02:05 +01:00
Hanno Becker	0235f7512f	Reduce scope of local variables in mpi_montmul() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:02:03 +01:00
Hanno Becker	9137b9c587	Note alternative implementation strategy in mbedtls_mpi_mul_int() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:01:58 +01:00
Hanno Becker	808e666eee	Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:01:57 +01:00
Przemek Stekiel	d7a28646bc	psa_tls12_prf_set_key(): add PSA_TLS12_PRF_STATE_OTHER_KEY_SET as a valid state Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-12 11:27:00 +02:00
Przemek Stekiel	a7695a2d76	psa_key_derivation_check_input_type(): handle PSA_KEY_DERIVATION_INPUT_OTHER_SECRET Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-12 11:27:00 +02:00
Przemek Stekiel	c8fa5a1bdd	psa_tls12_prf_psk_to_ms_set_key(): add support for other secret input Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-12 11:26:47 +02:00
Gilles Peskine	43b0943736	Merge pull request #1946 from hanno-arm/alert_reentrant Make mbedtls_ssl_send_alert_message() reentrant	2022-04-12 11:05:20 +02:00
Neil Armstrong	7624a5ae5e	Allow RSA PK Opaque keys for RSA-PSS signing Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 10:09:26 +02:00
Hanno Becker	53b3c607a0	Move `const` keyword prior to type name Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 13:46:30 +01:00
Hanno Becker	dfcb2d084b	Fix Doxygen for mbedtls_mpi_core_mla() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 13:44:15 +01:00
Hanno Becker	99ba4cc6d5	Remove Doxygen from mbedtls_mpi_core_mla() implementation Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 13:44:03 +01:00
Hanno Becker	efdc519864	Reintroduce though-to-be unused variable in correct place The variable is a local variable for the i386 bignum assembly only; introduce it as part of the start/finish macros. It can be noted that the variable is initialize to 0 within MULADDC_INIT, so there are no data dependencies across blocks of MULADDC_INIT/CORE/STOP. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 10:44:02 +01:00
Hanno Becker	5d4ceeb25c	Remove const qualifier for mutable local variable in mpi_mul_hlp() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 09:46:47 +01:00
Hanno Becker	284d778d28	Address review comments Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 09:19:24 +01:00
Hanno Becker	e9dd9a1f31	Use size_t for number of limbs Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 09:06:27 +01:00
Manuel Pégourié-Gonnard	eaf3086831	Merge pull request #1133 from RonEld/1805 Fix Shared Library compilation issue with Cmake	2022-04-11 09:31:59 +02:00
Hanno Becker	6454993e2e	Safeguard against calling p255 reduction with single-width MPI (In this case, there's nothing to do anyway since we only do a quasi-reduction to N+1 limbs) Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:35:58 +01:00
Hanno Becker	25bb732ea7	Simplify x25519 reduction using internal bignum MLA helper Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:03:48 +01:00
Hanno Becker	aef9cc4f96	Rename mpi_mul_hlp -> mbedtls_mpi_core_mla and expose internally This paves the way for the helper to be used from the ECP module Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:03:43 +01:00
Gilles Peskine	e1730e492d	Merge pull request #5708 from AndrzejKurek/timeless-struggles Remove the dependency on MBEDTLS_TIME_H from the timing module	2022-04-08 18:43:16 +02:00
Neil Armstrong	95a892311d	Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:51 +02:00
Neil Armstrong	7df6677c34	Remove now invalid comment in pk_opaque_ecdsa_can_do() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:06 +02:00
Neil Armstrong	56e71d4d1a	Update documentation of mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:12:42 +02:00
Neil Armstrong	eccf88fa48	Only accept RSA key pair in mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:11:50 +02:00
Hanno Becker	5e18f74abb	Make alert sending function re-entrant Fixes #1916 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:16:43 +01:00
Andrzej Kurek	5735369f4a	Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C The timing module might include time.h on its own when on a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 04:41:42 -04:00
Glenn Strauss	236e17ec26	Introduce mbedtls_ssl_hs_cb_t typedef Inline func for mbedtls_ssl_conf_cert_cb() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-07 14:18:30 -04:00
Przemek Stekiel	e3ee221893	Free other secret in tls12_prf context Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:56 +02:00
Przemek Stekiel	23650286ac	Add psa_tls12_prf_set_other_key() function to store other secret input Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:46 +02:00
Neil Armstrong	c1152e4a0f	Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	7e1b4a45fa	Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	295aeb17e6	Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	b980c9b48c	Add support for RSA in pk_opaque_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	ca5b55f0d1	Add support for RSA in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	eabbf9d907	Add support for RSA PK Opaque key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 14:51:47 +02:00
Andrzej Kurek	714b6603e4	Remove dummy timing implementation Having such implementation might cause issues for those that expect to have a working implementation. Having a compile-time error is better in such case. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard	1b05aff3ad	Merge pull request #5624 from superna9999/5312-tls-server-ecdh TLS ECDH 3b: server-side static ECDH (1.2)	2022-04-07 11:46:25 +02:00
Hanno Becker	e141702551	Adjust mpi_montmul() to new signature of mpi_mul_hlp() A previous commit has changed the signature of mpi_mul_hlp, making the length of the output explicit. This commit adjusts mpi_montmul() accordingly. It also fixes a comment on the required size of the temporary value passed to mpi_montmul() (but does not change the call-sites). Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:34 +01:00
Hanno Becker	74a11a31cb	Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp() A previous commit has changed the signature of mpi_mul_hlp(), making the length of the output explicit. This commit adjusts mbedtls_mpi_mul_int() to this change. Along the way, we make the code simpler and more secure by not calculating the minimal limb-size of A. A previous comment indicated that this was functionally necessary because of the implementation of mpi_mul_hlp() -- if it ever was, it isn't anymore. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:34 +01:00
Hanno Becker	fee261a505	Adjust mbedtls_mpi_mul_mpi() to new signature of mpi_mul_hlp() The previous commit has changed the signature of mpi_mul_hlp(), making the length of the output explicit. This commit adjusts the call-site in mbedtls_mpi_mul_mpi() to this new signature. A notable change to the multiplication strategy had to be made: mbedtls_mpi_mul_mpi() performs a simple row-wise schoolbook multiplication, which however was so far computed iterating rows from top to bottom. This leads to the undesirable consequence that as lower rows are calculated and added to the temporary result, carry chains can grow. It is simpler and faster to iterate from bottom to top instead, as it is guaranteed that there will be no carry when adding the next row to the previous temporary result: The length of the output in each iteration can be fixed to len(B)+1. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:34 +01:00
Hanno Becker	defe56928e	Make length of output explicit in mpi_mul_hlp() The helper `mpi_mul_hlp()` performs a multiply-accumulate operation `d += s * b`, where `d,b` are MPIs and `b` is a scalar. Previously, only the length of `s` was specified, while `d` was assumed to be 0-terminated of unspecified length. This was leveraged at the end of the core multiplication steps computingg the first `limb(s)` limbs of `d + s*b`: Namely, the routine would keep on adding the current carry to `d` until none was left. This can, in theory, run for an arbitrarily long time if `d` has a tail of `0xFF`s, and hence the assumption of `0`-termination. This solution is both fragile and insecure -- the latter because the carry-loop depends on the result of the multiplication. This commit changes the signature of `mpi_mul_hlp()` to receive the length of the output buffer, which must be greater or equal to the length of the input buffer. It is _not_ assumed that the output buffer is strictly larger than the input buffer -- instead, the routine will simply return any carry that's left. This will be useful in some applications of this function. It is the responsibility of the caller to either size the output appropriately so that no carry will be left, or to handle the carry. NOTE: The commit leaves the library in a state where it cannot be compiled since the call-sites of mpi_mul_hlp() have not yet been adjusted. This will be done in the subsequent commits. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:29 +01:00
Hanno Becker	e7f14a3090	Remove unused variable in mpi_mul_hlp() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:11:26 +01:00
Gilles Peskine	a9b6c8074a	Fix psa_mac_verify() returning BUFFER_TOO_SMALL It doesn't make sense for psa_mac_verify() to return PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this was happening when requesting the verification of an unsupported algorithm whose output size is larger than the maximum supported MAC size, e.g. HMAC-SHA-512 when building with only SHA-256 support. Arrange to return PSA_ERROR_NOT_SUPPORTED instead. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 15:03:39 +02:00
Gilles Peskine	695c4cb7ea	If a cipher algorithm is not supported, fail during setup In some cases, a cipher operation for an unsupported algorithm could succeed in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually fed. This is not a major bug, but it has several minor downsides: fail-late is harder to diagnose for users than fail-early; some code size can be gained; tests that expect failure for not-supported parameters would have to be accommodated to also accept success. This commit at least partially addresses the issue. The only completeness goal in this commit is to pass our full CI, which discovered that disabling only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping the relevant key type) allowed cipher setup to succeed, which caused failures in test_suite_psa_crypto_op_fail.generated in component_test_psa_crypto_config_accel_xxx. Changes in this commit: * mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher algorithms. (No change related to key types.) * Some code that is only relevant for ECB is no longer built if PSA_WANT_ALG_ECB_NO_PADDING is disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 15:03:39 +02:00
Gilles Peskine	0c3a071300	Make psa_key_derivation_setup return early if the key agreement is not supported Otherwise the systematically generated algorithm-not-supported tests complain when they try to start an operation and succeed. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 15:00:01 +02:00
Gilles Peskine	0cc417d34b	Make psa_key_derivation_setup return early if the hash is not supported Otherwise the systematically generated algorithm-not-supported tests complain when they try to start an operation and succeed. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 14:58:39 +02:00
Gilles Peskine	9efde4f2ec	Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 14:57:20 +02:00
Przemek Stekiel	8583627ece	psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-05 10:50:53 +02:00
Neil Armstrong	1039ba5c98	Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:33:01 +02:00
Neil Armstrong	ede381c808	Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:33:01 +02:00
Neil Armstrong	3cae167e6a	Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	e18ff952a7	Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	b7ca76b652	Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	fdf20cb513	Fix command indentation in ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	2d63da9269	Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	d6e2759afb	Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	fb0a81ece9	Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	5a1455d8d5	Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	3bcef08335	Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	549a3e4737	Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	fc834f2e2c	Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	0bdb68a242	Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:52 +02:00
Neil Armstrong	d8420cad31	Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:52 +02:00
Neil Armstrong	c530aa6b4e	Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:52 +02:00
Neil Armstrong	b9f319aec1	Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:51 +02:00
Neil Armstrong	2540045542	Update comments in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:07 +02:00
Neil Armstrong	bc5e8f9dd0	Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:07 +02:00
Neil Armstrong	039db29c7d	Implement PSA server-side ECDHE-PSK Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:07 +02:00
Neil Armstrong	868af821c9	Implement PSA client-side ECDHE-PSK Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:06 +02:00
Przemek Stekiel	a9f9335ee9	ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check This check can be removed as if the buffer is too small for the key, then export will fail. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-04 17:32:30 +02:00
Neil Armstrong	e88d190f2e	Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-04 11:27:57 +02:00
Neil Armstrong	f716a700a1	Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard	de68e39ddf	Merge pull request #5568 from superna9999/5159-pk-rsa-verification PK: RSA verification	2022-04-04 11:23:33 +02:00
Ronald Cron	0e980e8e84	Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 TLS 1.2/1.3 version negotiation - 2	2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard	33a9d61885	Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors Accessors to own CID within mbedtls_ssl_context	2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard	6a25159c69	Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations HKDF 2: use internal implementations in TLS 1.3	2022-04-01 11:15:29 +02:00
Manuel Pégourié-Gonnard	451114fe42	Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined	2022-04-01 10:04:56 +02:00
Paul Elliott	0113cf1022	Add accessor for own cid to ssl context Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-31 19:21:41 +01:00
Ronald Cron	11218dda96	ssl_client.c: Fix unused parameter Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:25:27 +02:00
Ronald Cron	bdb4f58cea	Add and update documentation of some minor version fields Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:24:59 +02:00
Ronald Cron	82c785fac3	Make handshake::min_minor_ver client only Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 15:44:41 +02:00
Neil Armstrong	91477a7964	Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Neil Armstrong	1335222f13	Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Neil Armstrong	f788253ed3	Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	80325d00cf	Allow ECDSA PK Opaque keys for ECDH Derivation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	104a7c1d29	Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	8113d25d1e	Add ecdh_psa_shared_key flag to protect PSA privkey if imported Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	5cd5f76d67	Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	4f33fbc7e9	Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	306d6074b3	Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	062de7dd79	Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	1f4b39621b	Implement PSA server-side ECDH-RSA/ECDSA Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Ronald Cron	6476726ce4	Fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 14:13:57 +02:00
Ronald Cron	a980adf4ce	Merge pull request #5637 from ronald-cron-arm/version-negotiation-1 TLS 1.2/1.3 version negotiation - 1	2022-03-31 11:47:16 +02:00
Ronald Cron	ba120bb228	ssl_tls13_client.c: Fix ciphersuite final validation As we may offer ciphersuites not compatible with TLS 1.3 in the ClientHello check that the selected one is compatible with TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	8fdad9e534	ssl_tls12_client.c: Remove duplicate of ciphersuite validation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	757a2abfe2	ssl_client.c: Extend and export ciphersuite validation function Extend and export ciphersuite validation function to be able to use it in TLS 1.2/3 specific code. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	f735cf1f0f	ssl_tls.c: Fix ciphersuite selection regarding protocol version Use the actual minimum and maximum of the minor version to be negotiated to filter ciphersuites to propose rather than the ones from the configuration. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	9847338429	ssl_tls13_client.c: Add check in supported_versions parsing Add check in ServerHello supported_versions parsing that the length of the extension data is exactly two. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:33:41 +02:00
Ronald Cron	1fa4f6863b	ssl_tls.c: Return in error if default config fails Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:27:35 +02:00
Ronald Cron	a77fc2756e	ssl_tls13_client.c: versions ext writing : Fix available space check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:27:35 +02:00
Ronald Cron	37bdaab64f	tls: Simplify the logic of the config version check and test it Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:26:58 +02:00
Ronald Cron	3cffc5ccb1	tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 21:59:44 +02:00
Ronald Cron	150d579d7a	ssl_client.c: Improve coding style Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 21:58:50 +02:00
Neil Armstrong	e451295179	Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:41:12 +02:00
Neil Armstrong	253e9e7e6d	Use mbedtls_rsa_info directly in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	ea54dbe7c2	Fix comment typo in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	19e6bc4c9f	Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	8a44bb47ac	Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	82cf804e34	Fix 80 characters indentation in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	6baea78072	Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	a33280af6c	Check psa_destroy_key() return in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	059a80c212	Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	52f41f8228	PK: RSA verification PSA wrap implementation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Ronald Cron	da41b38c42	Improve and fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard	3304f253d7	Merge pull request #5653 from paul-elliott-arm/handshake_over Add mbedtls_ssl_is_handshake_over()	2022-03-30 12:16:40 +02:00
Gabor Mezei	e42d8bf83b	Add macro guard for header file Some of the macros are used by the test data files and must be moved before the macros guard. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard	abed05f335	Merge pull request #5652 from arturallmann/issue-commit Fix comment typo in threading.c	2022-03-30 10:01:24 +02:00
Ronald Cron	8ecd9937a9	ssl_client.c: Fix state change for DTLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	f660655b84	TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e71639d39b	Simplify TLS major version default value setting Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	dbe87f08ec	Propose TLS 1.3 and TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	9f0fba374c	Add logic to switch to TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e1d3f06399	Allow hybrid TLS 1.3 + TLS 1.2 configuration Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	fbd9f99f10	ssl_tls.c: Move some client specific functions to ssl_client.c Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	7320e6436b	ssl_tls12_client.c: Switch to generic Client Hello state handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	5f4e91253f	ssl_client.c: Add DTLS ClientHello message sending specifics Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	4079abc7d1	ssl_client.c: Adapt extensions writing to the TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	11e1857f5e	ssl_client.c: Fix key share code guards In TLS 1.3 key sharing is not restricted to key exchange with certificate authentication. It happens in the PSK and ephemeral key exchange mode as well where there is no certificate authentication. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	df823bf39b	ssl_client.c: Re-order partially extension writing Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:57:54 +02:00
Ronald Cron	42c1cbf1de	ssl_client.c: Adapt compression methods comment to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:56:58 +02:00
Paul Elliott	571f1187b6	Merge pull request #5642 from mprse/ecp_export Add ECP keypair export function	2022-03-29 17:19:04 +01:00
Artur Allmann	3f396152b7	Fix typo "phtreads" to "pthreads" Closes issue #5349 Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>	2022-03-29 17:43:56 +02:00
Ronald Cron	d491c2d779	ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	a874aa818a	ssl_client.c: Add DTLS 1.2 cookie support Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	021b1785ef	ssl_client.c: Adapt session id generation to the TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	58b803818d	ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:50 +02:00
Gabor Mezei	cb5ef6a532	Remove duplicated includes Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:10:01 +02:00
Gabor Mezei	55c49a3335	Use proper macro guard Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:09:15 +02:00
Gabor Mezei	29e7ca89d5	Fix typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:49 +02:00
Gabor Mezei	c09437526c	Remove commented out code Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:15 +02:00
Ronald Cron	1614eb668c	ssl_client.c: Adapt TLS version writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	86a477f5ee	ssl_client.c: Adapt initial version selection to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	5456a7f89c	ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	71c2332860	ssl_client.c: Rename TLS 1.3 ClientHello writing functions Rename TLS 1.3 ClientHello writing functions aiming to support TLS 1.2 as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	3d580bf4bd	Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Dave Rodgman	1c41501949	Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal SECLIB-667: Accelerate SHA-512 with A64 crypto extensions	2022-03-29 15:34:12 +01:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	7ffe7ebe38	ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will be necessary when the ClientHello writing code is made available when MBEDTLS_SSL_PROTO_TLS1_2 is enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	04fbd2b2ff	ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	12dcdf0d6e	ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4e263fd49c	ssl_tls12_client.c: Simplify TLS version in encrypted PMS This can only be TLS 1.2 now in this structure and when adding support for TLS 1.2 or 1.3 version negotiation the highest configured version can be TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90f012037d	ssl_tls12_server.c: Simplify TLS version check in ClientHello The TLS server code only support TLS 1.2 thus simplify the check of the version proposed by the client. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	086ee0be0e	ssl_tls.c: Reject TLS 1.3 version configuration for server Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8457c12127	ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	b894ac7f99	ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90915f2a21	ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version ssl_tls12_client.c contains only TLS 1.2 specific code thus remove some checks on the minor version version being MBEDTLS_SSL_MINOR_VERSION_3. No aim for completeness, ssl_parse_server_hello() is not reworked here for example. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00

... 2 3 4 5 6 ...

8772 commits