yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
19923 commits 1 branch 0 tags 94 MiB
Commit graph

8772 commits

Author SHA1 Message Date
Neil Armstrong
8a44bb47ac Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
82cf804e34 Fix 80 characters indentation in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
6baea78072 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
a33280af6c Check psa_destroy_key() return in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
059a80c212 Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
52f41f8228 PK: RSA verification PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Ronald Cron
da41b38c42 Improve and fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over 
Add mbedtls_ssl_is_handshake_over()
 2022-03-30 12:16:40 +02:00
Gabor Mezei
e42d8bf83b
Add macro guard for header file 
Some of the macros are used by the test data files and must be moved
before the macros guard.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard
abed05f335
Merge pull request #5652 from arturallmann/issue-commit 
Fix comment typo in threading.c
 2022-03-30 10:01:24 +02:00
Ronald Cron
8ecd9937a9 ssl_client.c: Fix state change for DTLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations 
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
e71639d39b Simplify TLS major version default value setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
dbe87f08ec Propose TLS 1.3 and TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
9f0fba374c Add logic to switch to TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399 Allow hybrid TLS 1.3 + TLS 1.2 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
fbd9f99f10 ssl_tls.c: Move some client specific functions to ssl_client.c 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
7320e6436b ssl_tls12_client.c: Switch to generic Client Hello state handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
5f4e91253f ssl_client.c: Add DTLS ClientHello message sending specifics 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
4079abc7d1 ssl_client.c: Adapt extensions writing to the TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
11e1857f5e ssl_client.c: Fix key share code guards 
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
df823bf39b ssl_client.c: Re-order partially extension writing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:57:54 +02:00
Ronald Cron
42c1cbf1de ssl_client.c: Adapt compression methods comment to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:56:58 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export 
Add ECP keypair export function
 2022-03-29 17:19:04 +01:00
Artur Allmann
3f396152b7 Fix typo "phtreads" to "pthreads" 
Closes issue #5349

Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>
 2022-03-29 17:43:56 +02:00
Ronald Cron
d491c2d779 ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron
a874aa818a ssl_client.c: Add DTLS 1.2 cookie support 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron
021b1785ef ssl_client.c: Adapt session id generation to the TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron
58b803818d ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:50 +02:00
Gabor Mezei
cb5ef6a532
Remove duplicated includes 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:10:01 +02:00
Gabor Mezei
55c49a3335
Use proper macro guard 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:09:15 +02:00
Gabor Mezei
29e7ca89d5
Fix typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:49 +02:00
Gabor Mezei
c09437526c
Remove commented out code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:15 +02:00
Ronald Cron
1614eb668c ssl_client.c: Adapt TLS version writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron
86a477f5ee ssl_client.c: Adapt initial version selection to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron
5456a7f89c ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron
71c2332860 ssl_client.c: Rename TLS 1.3 ClientHello writing functions 
Rename TLS 1.3 ClientHello writing functions
aiming to support TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron
3d580bf4bd Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
 2022-03-29 15:34:12 +01:00
Ronald Cron
8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
7ffe7ebe38 ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards 
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
04fbd2b2ff ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
12dcdf0d6e ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
4e263fd49c ssl_tls12_client.c: Simplify TLS version in encrypted PMS 
This can only be TLS 1.2 now in this structure and when
adding support for TLS 1.2 or 1.3 version negotiation
the highest configured version can be TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
90f012037d ssl_tls12_server.c: Simplify TLS version check in ClientHello 
The TLS server code only support TLS 1.2 thus simplify
the check of the version proposed by the client.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
086ee0be0e ssl_tls.c: Reject TLS 1.3 version configuration for server 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
8457c12127 ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
b894ac7f99 ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
90915f2a21 ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version 
ssl_tls12_client.c contains only TLS 1.2 specific
code thus remove some checks on the minor version
version being MBEDTLS_SSL_MINOR_VERSION_3. No aim
for completeness, ssl_parse_server_hello() is not
reworked here for example.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
a25cf58681 ssl_tls.c: Remove one unnecessary minor version check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
c2f13a0568 ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md() 
Modify mbedtls_ssl_set_calc_verify_md() taking into
account that it is an TLS 1.2 only function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
4dcbca952e ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section 
In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the
"if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive
as it is specific to TLS 1.2.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
81591aa0f3 ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param 
ssl_set_handshake_prfs() is TLS 1.2 specific and only called
from TLS 1.2 only code thus no need to pass the TLS minor
version of the currebt session.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
f12b81d387 ssl_tls.c: Fix PSA ECDH private key destruction 
In TLS 1.3, a PSA ECDH private key may be created
even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We
must destroy this key if still referenced by an
handshake context when we free such context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
5b98ac9c64 TLS 1.3: Move PSA ECDH private key destroy to dedicated function 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
8540cf66ac ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512 
In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose
PKCS1 v1.5 signatures with SHA_384/512 not only
SHA_256. There is no point in not proposing them
if they are available.

In TLS 1.3 those could be useful for certificate
signature verification.

In hybrid TLS 1.2/1.3 this allows to propose for
TLS 1.2 the same set of signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
60ff79424e ssl_tls13_client.c: alpn: Miscellanous minor improvements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
13d8ea1dd9 ssl_tls13_client.c: alpn: Loop only once over protocol names 
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
a0855a6d13 ssl_tls13_client.c: alpn: Add missing return value assignment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
de1adee51a Rename ssl_cli/srv.c 
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 
Add rsae sha384 sha512
 2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard
39f2f73e69
Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing 
Restore full TLS compatibility testing
 2022-03-28 18:31:17 +02:00
Ronald Cron
e44d8e7eea
Merge pull request #5369 from xkqian/add_2nd_client_hello 
Add 2nd client hello
 2022-03-28 12:18:41 +02:00
Przemek Stekiel
ab5274bb19 Remove parameters validation using ECP_VALIDATE_RET 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-28 07:23:08 +02:00
Gabor Mezei
ed6d6589b3
Use hash algoritm for parameter instead of HMAC 
To be compatible with the other functions `mbedtls_psa_hkdf_extract` and
`mbedtls_psa_hkdf_expand` use hash algorithm for parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 17:28:06 +01:00
Gabor Mezei
07732f7015
Translate from mbedtls_md_type_t to psa_algorithm_t 
Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 17:04:19 +01:00
Gabor Mezei
5d9a1fe9e9
PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3 
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 15:47:15 +01:00
Ronald Cron
fb39f15fa1 ssl_tls.c: Use ETM status only in CBC mode case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-25 16:50:18 +01:00
Ronald Cron
862902dd57 ssl_srv.c: Mark ETM as disabled if cipher is not CBC 
Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS
1.2 server only for the CBC cipher mode thus make it
clear in the SSL context.

The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-25 16:50:18 +01:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor 
Accessor for mbedtls_timing_delay_context final delay
 2022-03-25 09:14:41 +01:00
XiaokangQian
20438976f9 Change comments and styles base on review 
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 08:09:29 +00:00
XiaokangQian
c02768a399 Replace ssl->handshake with handshake in write_cookie_ext() 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
9b93c0dd8d Change cookie parameters for dtls and tls 1.3 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
25c9c9023c Refine cookie len to fix compile issues 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
9deb90f74e Change parameter names and code style 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
5e3c947841 Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
233397ef88 Update code base on comments 
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
0b64eedba8 Add cookies write in client hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
Ronald Cron
90045241e7
Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify 
TLS1.3: Fix incorrect check for certificate verify
 2022-03-25 08:35:41 +01:00
Jerry Yu
6c6f10265d fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-25 11:09:50 +08:00
Paul Elliott
27b0d94e25 Use mbedtls_ssl_is_handshake_over() 
Switch over to using the new function both internally and in tests.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-24 14:43:52 +00:00
Jerry Yu
bd1b3278b1 Remove useless code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-24 13:07:28 +08:00
Tom Cosgrove
b7f5b97650 Minor changes to sha256.c to bring it in line with sha512.c 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-23 21:40:56 +00:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-23 21:40:53 +00:00
Jerry Yu
e26acee896 Refactor guards for sig algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 21:01:33 +08:00
Jerry Yu
f8aa9a44aa fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard
5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies 
MD: HMAC in DTLS cookies
 2022-03-23 13:05:24 +01:00
Jerry Yu
8c3388620d create sig_alg decode function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 13:34:04 +08:00
Jerry Yu
0c23fc39c3 fix various guards issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 12:20:01 +08:00
Jerry Yu
7533982f68 guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 12:06:31 +08:00
Jerry Yu
e010de4be3 Rename ctx to rsa_ctx 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 11:45:55 +08:00
Jerry Yu
fb0621d841 fix pk_sign_ext issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 11:42:06 +08:00
Jerry Yu
cef3f33012 Guard rsa sig algs with rsa_c and pkcs1_v{15,21} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 23:16:42 +08:00
Jerry Yu
e91a51a539 Refactor get_sig_alg_from pk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 21:42:50 +08:00
Jerry Yu
bf455e7516 rename pk_psa_rsa_sign_ext param 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 21:39:41 +08:00
Jerry Yu
3616533d26 tls13:remove ec check from validate certification 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 19:46:05 +08:00
Neil Armstrong
488a40eecb Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-22 10:41:38 +01:00
Jerry Yu
dddf5a0e18 Refactor get_sig_alg_from_pk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:47:19 +08:00
Jerry Yu
89107d1bc2 fix ci fail without RSA_C 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:53 +08:00
Jerry Yu
406cf27cb5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:53 +08:00
Jerry Yu
848ecce990 fix wrong typo in function name 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:52 +08:00
Jerry Yu
07869e804c fix psa crypto test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
b02ee18e64 replace use_psa_crypto with psa_crypto_c 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
b6875bc17a change rsa_pss salt type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
704cfd2a86 fix comments and style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
718a9b4a3f fix doxgen fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
1d172a3483 Add pk_psa_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
8beb9e173d Change prototype of pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
67eced0132 replace pk_sign with pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
d69439aa61 add mbedtls_pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
bfcfe74b4e add signature algorithm debug helper 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:33 +08:00
Jerry Yu
919130c035 Add rsa_pss_rsae_sha256 support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:33 +08:00
Gabor Mezei
1e64f7a643
Use MBEDTLS_USE_PSA_CRYPTO macro guard for testing instead of MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:54 +01:00
Gabor Mezei
1bf075fffd
Use SSL error codes 
The `psa_ssl_status_to_mbedtls` function is not only used for
cipher operations so transalte to TLS error codes.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Gabor Mezei
adfeadc6e5
Extend PSA error translation 
Add new error codes to the PSA to mbedtls error translation.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Gabor Mezei
58db65354b
Use the PSA-based HKDF functions 
Use the `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand`
functions in the HKDF handling.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Paul Elliott
b9af2db4cf Add accessor for timing final delay 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-21 15:26:19 +00:00
Neil Armstrong
79daea25db Handle and return translated PSA errors in ssl_cookie.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-21 12:05:51 +01:00
Neil Armstrong
2d5e343c75 Use inline PSA code instead of using ssl_cookie_hmac in mbedtls_ssl_cookie_write() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-21 11:39:52 +01:00
Manuel Pégourié-Gonnard
f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac 
TLS record HMAC
 2022-03-21 11:36:44 +01:00
Manuel Pégourié-Gonnard
706f6bae27
Merge pull request #5518 from superna9999/5274-ecdsa-signing 
PK: ECDSA signing
 2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard
472044f21e
Merge pull request #5525 from superna9999/5161-pk-rsa-encryption 
PK: RSA encryption
 2022-03-21 09:57:38 +01:00
Ronald Cron
8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development 
TLS 1.3: One flush output
 2022-03-21 08:44:04 +01:00
Neil Armstrong
62e6ea2c22 Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:39:49 +01:00
Neil Armstrong
17a0655c8d Add documentation to find_ecdsa_private_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:27:38 +01:00
Neil Armstrong
05132ed490 md_alg is used in ecdsa_sign_wrap(), cleanup code 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:14:57 +01:00
Neil Armstrong
cb753a6945 Use mbedtls_eckey_info directly in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:14:48 +01:00
Przemek Stekiel
711d0f5e29 Add implemetation of ECP keypair export function 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-18 13:52:26 +01:00
Manuel Pégourié-Gonnard
e5b53193e0
Merge pull request #5636 from mprse/tls_ecdh_2b 
TLS ECDH 2b: client-side static ECDH (1.2)
 2022-03-18 11:36:53 +01:00
Neil Armstrong
29c0c040fc Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform() 
This requires moving the HMAC init after CIPHER init.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:10:09 +01:00
Neil Armstrong
9ebb9ff60c Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:09:58 +01:00
Neil Armstrong
72c2f76c43 Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:09:36 +01:00
Neil Armstrong
36cc13b340 Use PSA defines for buffers in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:09:20 +01:00
Neil Armstrong
ae57cfd3e7 Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 10:00:10 +01:00
Neil Armstrong
28d9c631b8 Fix comments in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 10:00:10 +01:00
Ron Eldor
183264cb95 Fix shared library link error with cmake on Windows 
Set the library path as the current binary dir

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-17 12:07:50 +00:00
Manuel Pégourié-Gonnard
8d4bc5eeb9
Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac 
HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC
 2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard
15c0e39fff
Merge pull request #5519 from superna9999/5150-pk-rsa-decryption 
PK: RSA decryption
 2022-03-17 11:02:13 +01:00
Manuel Pégourié-Gonnard
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection 
TLS Cipher 2a: tickets: use PSA for protection
 2022-03-17 09:50:09 +01:00
Manuel Pégourié-Gonnard
560ef5975c
Merge pull request #5613 from mprse/tls_ecdh_2a 
TLS ECDH 2a: server-side ECDHE-ECDSA and ECDHE-RSA (1.2)
 2022-03-17 09:29:41 +01:00
Przemek Stekiel
068a6b4013 ssl_check_server_ecdh_params():Adapt build flags 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-17 07:54:09 +01:00
Neil Armstrong
da1d80db19 Use mbedtls_rsa_info directly in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:36:32 +01:00
Neil Armstrong
7b1dc85919 Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:36:06 +01:00
Neil Armstrong
6b03a3de5c Use mbedtls_rsa_info directly in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:31:07 +01:00
Neil Armstrong
8e80504b46 Simplify padding check and get rid of psa_sig_md in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:30:31 +01:00
Gabor Mezei
103e08aab9
Fix return value handling 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 13:45:41 +01:00
Przemek Stekiel
561a42392a ssl_parse_signature_algorithm(): refactor PSA CRYPTO code 
- use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary().
- add check for ECDH curve type in server's certificate

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 13:16:24 +01:00
Gabor Mezei
5b8b890a61
Check PSA functions' return value before converting 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:56:58 +01:00
Gabor Mezei
36c9f51ef2
Use size_t instead of int to silence compiler warnings 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:55:32 +01:00
Gabor Mezei
4f4bac7e22
Remove blank lines 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:54:27 +01:00
Przemek Stekiel
dd482bfd6a Modify own_pubkey_max_len calculation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:43:22 +01:00
Przemek Stekiel
a4e15cc0d5 Fix comment: add fields size 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:32:42 +01:00
Przemek Stekiel
855938e17d Move mbedtls_ecdh_setup() to no-psa path 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:29:29 +01:00
Przemek Stekiel
338b61d6e4 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:24:09 +01:00
Przemek Stekiel
d905d33488 ssl_write_client_key_exchange(): enable psa support for ECDH-ECDSA and ECDH-RSA key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 09:50:56 +01:00
Przemek Stekiel
ea4000f897 ssl_parse_signature_algorithm(): populate psa handshake fields when psa crypto is enabled 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 09:49:33 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Przemek Stekiel
ce1d792315 Remove duplicated code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 16:16:25 +01:00
Neil Armstrong
169e61add6 Zeroise stack buffer containing private key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-14 14:26:49 +01:00
Neil Armstrong
3aca61fdfc Zeroise stack buffer containing private key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-14 14:24:48 +01:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
 2022-03-14 12:57:37 +00:00
Przemek Stekiel
fc91a1f030 Use PSA for private key generation and public key export only for ECDHE keys 
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 12:05:27 +01:00
Przemek Stekiel
a21af3da00 Use mbedtls_psa_parse_tls_ecc_group() instead PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa() ) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 10:09:13 +01:00
Przemek Stekiel
0a60c129de Add intermediate variables to increase code readability 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:54:51 +01:00
Przemek Stekiel
e9f00445bc Destroy ecdh_psa_privkey on failure 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:42:32 +01:00
Przemek Stekiel
130c4b5567 Use PSA version of key agreement only for ECDHE keys 
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:18:24 +01:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc 
PSA: implement key derivation for ECC keys
 2022-03-14 09:17:13 +01:00
Gilles Peskine
81d903f5aa
Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing 
feat: MD: X.509 hashing
 2022-03-10 20:16:43 +01:00
Gilles Peskine
afb482897b
Merge pull request #5292 from mprse/asym_encrypt 
Driver dispatch for PSA asymmetric encryption + RSA tests
 2022-03-10 20:07:38 +01:00
Gabor Mezei
49c8eb3a5a
Enable chachcapoly cipher for SSL tickets 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei
2a02051286
Use PSA in TLS ticket handling 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei
e6d867f476
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 15:04:58 +01:00
Ronald Cron
a8b38879e1 Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:17 +01:00
Ronald Cron
7a94aca81a Move state change from CLIENT_CERTIFICATE to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:04 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Przemek Stekiel
fd32e9609b ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:59 +01:00
Przemek Stekiel
b6ce0b6cd8 ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:50 +01:00
Ronald Cron
5bb8fc830a Call Certificate writing generic handler only if necessary 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
3f20b77517 Improve comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
00d012f2be Fix type of force_flush parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
9f55f6316e Move state change from CSS states to their main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
3addfa4964 Move state change from WRITE_CLIENT_HELLO to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
66dbf9118e TLS 1.3: Do not send handshake data in handshake step handlers 
Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
9df7c80c78 TLS 1.3: Always go through the CLIENT_CERTIFICATE state 
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:50:08 +01:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Przemek Stekiel
c85f0912c4 psa_crypto.c, test_suite_psa_crypto.function: fix style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-08 11:37:54 +01:00
Gilles Peskine
44311f5c98
Merge pull request #5571 from superna9999/5162-pk-rsa-signing 
PK: RSA signing
 2022-03-07 17:09:14 +01:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free 
Erase secrets in allocated memory before freeing said memory
 2022-03-07 17:04:04 +01:00
Neil Armstrong
6d5baf5f1e Use PSA MAC verify API in mbedtls_ssl_cookie_check() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
be52f500c8 Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
7cd0270d6c Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
2217d6f825 Generate cookie MAC key with psa_generate_key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
pespacek
b9ca22dead Improving readability of x509_crt and x509write_crt for PR 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-03-07 13:59:44 +01:00
pespacek
d924e55944 Improving readability of x509_crt and x509write_crt 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-03-07 13:31:54 +01:00
Przemek Stekiel
7fc0751f78 Restore build options for mbedtls_ecc_group_of_psa() and related functions 
Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-06 20:43:46 +01:00
Neil Armstrong
77b69ab971 Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:45 +01:00
Neil Armstrong
23d34ce372 Use PSA HMAC API in ssl_cookie_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:45 +01:00
Neil Armstrong
d633201279 Import PSA HMAC key in mbedtls_ssl_cookie_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:18 +01:00
Andrzej Kurek
09e803ce0d Provide a dummy implementation of timing.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek
108bf520e0 Add a missing guard for time.h in net_sockets.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Neil Armstrong
bca99ee0ac Add PSA key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 10:20:20 +01:00
Neil Armstrong
e87804920a Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:54:16 +01:00
Neil Armstrong
b556a42656 Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
f47135756c Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
0d46786034 Fix style issue in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
f1b564bb8d Check psa_destroy_key() return in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
18f43c7304 PK: RSA decrypt PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
e4edcf761d Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:46:41 +01:00
Neil Armstrong
ff70f0bf77 Check psa_destroy_key() return in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
edcc73c992 Fix 80 characters indentation in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
dab14de96a Use now shared ECP_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
15021659d1 Move pk_ecdsa_sig_asn1_from_psa() before ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
5874aa38f7 Fix style issue in find_ecdsa_private_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
cf5a215a43 Check psa_destroy_key() return in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
e960690b89 PK: ECDSA signing PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
db69c5213f Use new PSA to mbedtls PK error mapping functions in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:41:23 +01:00
Neil Armstrong
66fa769ae8 Fix 80 characters indentation in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
4b1a059f7d Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
48a9833cdf Check psa_destroy_key() return in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
e4f28688fd Fix comment typo in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
9854568204 PK: RSA signing PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
3770e2483f Use new PSA to mbedtls PK error mapping functions in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:37:33 +01:00
Neil Armstrong
deb4bfb2b9 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong
9dccd866c3 Check psa_destroy_key() return in ecdsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong
7dd3b20d36 Check psa_destroy_key() return in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong
ac014ca5d9 Fix comment typos in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong
96a16a429b PK: RSA encrypt PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Gilles Peskine
1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls 
Rename, move and refine PSA to mbedtls PK errors mappings
 2022-03-03 13:30:29 +01:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters 
Add function to get message digest info from context
 2022-03-02 16:44:26 +01:00
Gilles Peskine
e8c8300190
Merge pull request #5581 from superna9999/pk-move-rename-rsa-ec-key-sizes 
Move max sizes of RSA & EC DER keys into public header
 2022-03-02 16:41:53 +01:00
Neil Armstrong
6828d8fdc4 Return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if MAC algorithm isn't supported in ssl_tls.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:11 +01:00
Neil Armstrong
6958bd0206 Clean aux_out in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:11 +01:00
Neil Armstrong
4313f55a13 Simplify error handling of PSA mac operationsg in ssl_msg.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:04 +01:00
Neil Armstrong
321116c755 Remove spurious debug in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:06:15 +01:00
Przemek Stekiel
e894c5c4a5 Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-02 08:45:56 +01:00
Paul Elliott
06898650f9
Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify 
TLS1.3: Add write client Certificate and CertificateVerify
 2022-03-01 18:42:00 +00:00
Przemek Stekiel
15565eeb59 Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 17:01:39 +01:00
Neil Armstrong
19915c2c00 Rename error translation functions and move them to library/pk_wrap.* 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 15:21:02 +01:00
Przemek Stekiel
a81aed2dae Clean up init values of psa crypto status and fix switch default case 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 15:13:30 +01:00
Przemek Stekiel
f110dc05be Clenup conditional compilation flags. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:48:05 +01:00
Przemek Stekiel
dcab6ccb3b Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:29:49 +01:00
Neil Armstrong
0f49f83625 Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:05:33 +01:00
Neil Armstrong
e9ecd27890 Rename max sizes of RSA & EC DER keys defines 
Rename to match the required pattern of defines:
'^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:03:21 +01:00
Neil Armstrong
e0326a6acc Move max sizes of RSA & EC DER keys into private pkwrite.h 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 09:58:58 +01:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list 
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0 Add server certificate selection callback 
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 17:31:49 -05:00
Neil Armstrong
e858996413 Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf() 
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined 
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
26e6d6764e Use PSA MAC API in mbedtls_ssl_encrypt/decrypt_buf() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
0760ade761 Setup & Import HMAC keys in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Steven Cooreman
cd5be32191 Erase secrets in allocated memory before freeing said memory 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2022-02-25 11:14:59 +01:00
Andrzej Kurek
a0237f86d3 Add missing key destruction calls in ssl_write_client_key_exchange 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-25 04:36:40 -05:00
Tom Cosgrove
7e7aba8c9d Rename mbedtls_a64_crypto_sha256_check_support() to mbedtls_a64_crypto_sha256_determine_support() 
The Mbed TLS coding standard specifies that "check" functions must return 0
for success (i.e. feature present), while "has" functions should return 1 for
true. Since we were using "check" to do the actual check, and "has" to get the
cached value, having inverted values here would be confusing.  Therefore,
rename "check" to "determine", as that's what those functions are doing.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-24 08:33:11 +00:00
Jerry Yu
71f36f1d2e change alert message type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 17:34:29 +08:00
Neil Armstrong
39b8e7dde4 Add, Initialize & Free HMAC keys in mbedtls_ssl_transform 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-23 09:24:57 +01:00
Jerry Yu
0b7b101b3b fix warnings 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 12:26:48 +08:00
Jerry Yu
2ff6ba1df0 Remove rsa_pss_rsae_sha256 support. 
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 10:38:25 +08:00
Przemyslaw Stekiel
91ebfc0402 Adapt compilation flags for ECC key derivation 
Use conditional compilation flags for building ECC key derivation code consistent with flags used for mbedtls_ecc_group_of_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 15:50:30 +01:00
Neil Armstrong
3f9cef4547 Remove actual and use new PSA to mbedtls PK errors mapping functions 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 15:44:39 +01:00
Neil Armstrong
ea761963c5 Add specialized PSA to mbedtls PK/RSA error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Neil Armstrong
cd501f406e Add specialized PSA to mbedtls PK/ECDSA error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Neil Armstrong
a3fdfb4925 Introduce new PSA to mbedtls PK error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Przemyslaw Stekiel
76960a7217 mbedtls_mpi_read_binary() document that function guarantees to return an MPI with exactly the necessary number of limbs and remove redundant call to mbedtls_mpi_grow() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
aeaa4f0651 Code optimization 
- fix codding style
- fix comments and descriptions
- add helper function for montgomery curve
- move N-2 calculation outside the loop
- fix access to <data> bytes: *data[x] -> (*data)[x]

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
6d3d18b2dc psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code 
Perform the following optimizations:
- fix used flags for conditional compilation
- remove redundant N variable
- move loop used to generate valid k value to helper function
- fix initial value of status
- fix comments

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
924815982a Workaround for VS compiler build error 
The following error was reported by CI for win32/release builds:

37>Done Building Project "C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\gen_entropy.vcxproj.metaproj" (Rebuild target(s)).
67>c:\builds\workspace\mbed-tls-pr-head_pr-5139-head\worktrees\tmp_nn5muy8\library\psa_crypto.c(4840): fatal error C1001: An internal error has occurred in the compiler. [C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\key_ladder_demo.vcxproj]
         (compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 228)
          To work around this problem, try simplifying or changing the program near the locations listed above.
         Please choose the Technical Support command on the Visual C++
          Help menu, or open the Technical Support help file for more information

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
e33ae7186e psa_crypto.c: adapt macros 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
dc215f4b97 Simplify calculations for clear mask 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
d80b6ed46d Use loop instead goto and fix misleading variable name 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
dc8d7d9211 fix mbedtls/psa status code mismatch 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
871a336028 Remove redundant psa_generate_derived_ecc_key_weierstrass_check_config() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
aaa1ada086 psa_generate_derived_ecc_key_weierstrass_check_config: Build only when ECC enabled 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
50fcc535e5 Add Weierstrass curve/bits consistancy check + negative test vectors 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
58ce8d8fb6 Add support for Montgomery curves 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
705fb0f918 Only Weierstrass curves supported 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
c6e4c512af psa_crypto.c: fix warning on windows compiler 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
1dfd1224dc psa_generate_derived_ecc_key_helper: compile only when ECC is supported 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
653481632e psa_generate_derived_ecc_key_helper: fix bugs found during testing 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
d8cdcba970 Move derivation of ECC private key to helper function and refactor code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
1608e33606 PSA: implement key derivation for ECC keys 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Jerry Yu
782720787f Refactor write_certificate_verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:28:13 +08:00
Jerry Yu
2124d05e06 Add sha384 and sha512 case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92 Add non support sig alg check and test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
c8d8d4e01a fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c add rsa_pss_rsae_sha256 write support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
3391ac00d3 fix various issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5 Change state machine 
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
537530d57a Add certificate request echo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
3e536442f5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
a23b9d954c fix undefine error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
7399d0d806 refactor write certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
1bb5a1ffe3 Implement received sig_algs check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
32e0c2d526 fix server only build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
90f152dfac fix psk only build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
72637c734b fix write certificate fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
8511f125af Add certificteVerify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
5cc3506c9f Add write certificate and client handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
566c781290 Add dummy state for client_certifiate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1 
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
 2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa 
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
 2022-02-21 16:58:57 +01:00
Gabor Mezei
d860e0f18b
Add comment 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei
0e7c6f4961
Check return value of psa_destroy_key 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei
26c6741c58
Add better name for variable. 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei
320d21cecf
Update documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei
c5efb8e58b
Use PSA error code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:38 +01:00
Gabor Mezei
89c1a95f8f
Delete leftover code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:59 +01:00
Gabor Mezei
b1f53976ee
Add documentation for mbedtls_psa_hkdf_extract 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:59 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible 
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:57 +01:00
Gabor Mezei
9f4bb319c9
Implement HKDF extract in TLS 1.3 based on PSA HMAC 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:23:29 +01:00
Gilles Peskine
66971f8ab1 Add prototype for automatically generated debug helper 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3 
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
e1a0c25f71 New function to access the TLS version from a context as an enum 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Tom Cosgrove
b9987fc344 Handle MBEDTLS_SHA256_USE_A64_* on Windows on ARM64 too 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-21 12:26:11 +00:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build 
TLS1.3:Enable tls13 only build
 2022-02-21 11:22:37 +00:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard
9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac 
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
 2022-02-21 09:30:31 +01:00
Jerry Yu
f1b23caa4e move wrong comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
18621dfd23 remove extra empty line 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
50f2f703a7 remove extra guards 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
840fbb2817 guards populate_transform reference 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
4f9e3efbeb move session_save/load_tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
d9d91da7c7 move sig_hash_* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
ee40f9d4b3 move get_key_exchange_md_tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
9bccc4c63f move populate_transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
e93ffcd2c7 move tls_prf_get_type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
392112c058 move tls12prf_from_cs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
0b3d7c1ea1 move parse_finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
3c8e47bbbf move write_finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
2a9fff571d move wrapup 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
aef0015ba0 move wrapup_free_hs_transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
b7ba49ef74 move calc_finished_tls_sha384 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
615bd6f5b9 move calc_finished_tls_sha256 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
d952669ad8 move write_certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
c2c673da59 move resend_hello_request 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
ce3dca4175 move psk_derive_premaster 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
c1cb384708 move calc_verify_tls_sha384 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
8392e0dae4 move calc_verify_tls_sha256 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
d62f87e151 move derive_keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
2a7b5ac791 move compute_master 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
d6ab235972 move use_opaque_psk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
f009d86186 move set_handshake_prfs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
dc7bd17d11 move tls_prf_sha256/384 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
ed14c93008 add static prototypes 
prepare for moving functions

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
53d23e2c95 Guards tls_prf functions with TLS1_2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00