yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
19923 commits 1 branch 0 tags 94 MiB
Commit graph

8772 commits

Author SHA1 Message Date
Jerry Yu
406cf27cb5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:53 +08:00
Jerry Yu
848ecce990 fix wrong typo in function name 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:52 +08:00
Jerry Yu
07869e804c fix psa crypto test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
b02ee18e64 replace use_psa_crypto with psa_crypto_c 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
b6875bc17a change rsa_pss salt type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
704cfd2a86 fix comments and style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
718a9b4a3f fix doxgen fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
1d172a3483 Add pk_psa_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
8beb9e173d Change prototype of pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
67eced0132 replace pk_sign with pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
d69439aa61 add mbedtls_pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
bfcfe74b4e add signature algorithm debug helper 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:33 +08:00
Jerry Yu
919130c035 Add rsa_pss_rsae_sha256 support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:33 +08:00
Gabor Mezei
1e64f7a643
Use MBEDTLS_USE_PSA_CRYPTO macro guard for testing instead of MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:54 +01:00
Gabor Mezei
1bf075fffd
Use SSL error codes 
The `psa_ssl_status_to_mbedtls` function is not only used for
cipher operations so transalte to TLS error codes.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Gabor Mezei
adfeadc6e5
Extend PSA error translation 
Add new error codes to the PSA to mbedtls error translation.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Gabor Mezei
58db65354b
Use the PSA-based HKDF functions 
Use the `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand`
functions in the HKDF handling.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Paul Elliott
b9af2db4cf Add accessor for timing final delay 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-21 15:26:19 +00:00
Neil Armstrong
79daea25db Handle and return translated PSA errors in ssl_cookie.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-21 12:05:51 +01:00
Neil Armstrong
2d5e343c75 Use inline PSA code instead of using ssl_cookie_hmac in mbedtls_ssl_cookie_write() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-21 11:39:52 +01:00
Manuel Pégourié-Gonnard
f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac 
TLS record HMAC
 2022-03-21 11:36:44 +01:00
Manuel Pégourié-Gonnard
706f6bae27
Merge pull request #5518 from superna9999/5274-ecdsa-signing 
PK: ECDSA signing
 2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard
472044f21e
Merge pull request #5525 from superna9999/5161-pk-rsa-encryption 
PK: RSA encryption
 2022-03-21 09:57:38 +01:00
Ronald Cron
8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development 
TLS 1.3: One flush output
 2022-03-21 08:44:04 +01:00
Neil Armstrong
62e6ea2c22 Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:39:49 +01:00
Neil Armstrong
17a0655c8d Add documentation to find_ecdsa_private_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:27:38 +01:00
Neil Armstrong
05132ed490 md_alg is used in ecdsa_sign_wrap(), cleanup code 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:14:57 +01:00
Neil Armstrong
cb753a6945 Use mbedtls_eckey_info directly in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:14:48 +01:00
Przemek Stekiel
711d0f5e29 Add implemetation of ECP keypair export function 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-18 13:52:26 +01:00
Manuel Pégourié-Gonnard
e5b53193e0
Merge pull request #5636 from mprse/tls_ecdh_2b 
TLS ECDH 2b: client-side static ECDH (1.2)
 2022-03-18 11:36:53 +01:00
Neil Armstrong
29c0c040fc Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform() 
This requires moving the HMAC init after CIPHER init.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:10:09 +01:00
Neil Armstrong
9ebb9ff60c Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:09:58 +01:00
Neil Armstrong
72c2f76c43 Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:09:36 +01:00
Neil Armstrong
36cc13b340 Use PSA defines for buffers in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:09:20 +01:00
Neil Armstrong
ae57cfd3e7 Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 10:00:10 +01:00
Neil Armstrong
28d9c631b8 Fix comments in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 10:00:10 +01:00
Ron Eldor
183264cb95 Fix shared library link error with cmake on Windows 
Set the library path as the current binary dir

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-17 12:07:50 +00:00
Manuel Pégourié-Gonnard
8d4bc5eeb9
Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac 
HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC
 2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard
15c0e39fff
Merge pull request #5519 from superna9999/5150-pk-rsa-decryption 
PK: RSA decryption
 2022-03-17 11:02:13 +01:00
Manuel Pégourié-Gonnard
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection 
TLS Cipher 2a: tickets: use PSA for protection
 2022-03-17 09:50:09 +01:00
Manuel Pégourié-Gonnard
560ef5975c
Merge pull request #5613 from mprse/tls_ecdh_2a 
TLS ECDH 2a: server-side ECDHE-ECDSA and ECDHE-RSA (1.2)
 2022-03-17 09:29:41 +01:00
Przemek Stekiel
068a6b4013 ssl_check_server_ecdh_params():Adapt build flags 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-17 07:54:09 +01:00
Neil Armstrong
da1d80db19 Use mbedtls_rsa_info directly in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:36:32 +01:00
Neil Armstrong
7b1dc85919 Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:36:06 +01:00
Neil Armstrong
6b03a3de5c Use mbedtls_rsa_info directly in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:31:07 +01:00
Neil Armstrong
8e80504b46 Simplify padding check and get rid of psa_sig_md in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:30:31 +01:00
Gabor Mezei
103e08aab9
Fix return value handling 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 13:45:41 +01:00
Przemek Stekiel
561a42392a ssl_parse_signature_algorithm(): refactor PSA CRYPTO code 
- use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary().
- add check for ECDH curve type in server's certificate

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 13:16:24 +01:00
Gabor Mezei
5b8b890a61
Check PSA functions' return value before converting 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:56:58 +01:00
Gabor Mezei
36c9f51ef2
Use size_t instead of int to silence compiler warnings 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:55:32 +01:00
Gabor Mezei
4f4bac7e22
Remove blank lines 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:54:27 +01:00
Przemek Stekiel
dd482bfd6a Modify own_pubkey_max_len calculation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:43:22 +01:00
Przemek Stekiel
a4e15cc0d5 Fix comment: add fields size 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:32:42 +01:00
Przemek Stekiel
855938e17d Move mbedtls_ecdh_setup() to no-psa path 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:29:29 +01:00
Przemek Stekiel
338b61d6e4 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:24:09 +01:00
Przemek Stekiel
d905d33488 ssl_write_client_key_exchange(): enable psa support for ECDH-ECDSA and ECDH-RSA key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 09:50:56 +01:00
Przemek Stekiel
ea4000f897 ssl_parse_signature_algorithm(): populate psa handshake fields when psa crypto is enabled 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 09:49:33 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Przemek Stekiel
ce1d792315 Remove duplicated code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 16:16:25 +01:00
Neil Armstrong
169e61add6 Zeroise stack buffer containing private key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-14 14:26:49 +01:00
Neil Armstrong
3aca61fdfc Zeroise stack buffer containing private key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-14 14:24:48 +01:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
 2022-03-14 12:57:37 +00:00
Przemek Stekiel
fc91a1f030 Use PSA for private key generation and public key export only for ECDHE keys 
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 12:05:27 +01:00
Przemek Stekiel
a21af3da00 Use mbedtls_psa_parse_tls_ecc_group() instead PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa() ) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 10:09:13 +01:00
Przemek Stekiel
0a60c129de Add intermediate variables to increase code readability 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:54:51 +01:00
Przemek Stekiel
e9f00445bc Destroy ecdh_psa_privkey on failure 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:42:32 +01:00
Przemek Stekiel
130c4b5567 Use PSA version of key agreement only for ECDHE keys 
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:18:24 +01:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc 
PSA: implement key derivation for ECC keys
 2022-03-14 09:17:13 +01:00
Gilles Peskine
81d903f5aa
Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing 
feat: MD: X.509 hashing
 2022-03-10 20:16:43 +01:00
Gilles Peskine
afb482897b
Merge pull request #5292 from mprse/asym_encrypt 
Driver dispatch for PSA asymmetric encryption + RSA tests
 2022-03-10 20:07:38 +01:00
Gabor Mezei
49c8eb3a5a
Enable chachcapoly cipher for SSL tickets 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei
2a02051286
Use PSA in TLS ticket handling 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei
e6d867f476
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 15:04:58 +01:00
Ronald Cron
a8b38879e1 Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:17 +01:00
Ronald Cron
7a94aca81a Move state change from CLIENT_CERTIFICATE to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:04 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Przemek Stekiel
fd32e9609b ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:59 +01:00
Przemek Stekiel
b6ce0b6cd8 ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:50 +01:00
Ronald Cron
5bb8fc830a Call Certificate writing generic handler only if necessary 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
3f20b77517 Improve comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
00d012f2be Fix type of force_flush parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
9f55f6316e Move state change from CSS states to their main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
3addfa4964 Move state change from WRITE_CLIENT_HELLO to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
66dbf9118e TLS 1.3: Do not send handshake data in handshake step handlers 
Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
9df7c80c78 TLS 1.3: Always go through the CLIENT_CERTIFICATE state 
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:50:08 +01:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Przemek Stekiel
c85f0912c4 psa_crypto.c, test_suite_psa_crypto.function: fix style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-08 11:37:54 +01:00
Gilles Peskine
44311f5c98
Merge pull request #5571 from superna9999/5162-pk-rsa-signing 
PK: RSA signing
 2022-03-07 17:09:14 +01:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free 
Erase secrets in allocated memory before freeing said memory
 2022-03-07 17:04:04 +01:00
Neil Armstrong
6d5baf5f1e Use PSA MAC verify API in mbedtls_ssl_cookie_check() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
be52f500c8 Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
7cd0270d6c Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
2217d6f825 Generate cookie MAC key with psa_generate_key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
pespacek
b9ca22dead Improving readability of x509_crt and x509write_crt for PR 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-03-07 13:59:44 +01:00
pespacek
d924e55944 Improving readability of x509_crt and x509write_crt 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-03-07 13:31:54 +01:00
Przemek Stekiel
7fc0751f78 Restore build options for mbedtls_ecc_group_of_psa() and related functions 
Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-06 20:43:46 +01:00
Neil Armstrong
77b69ab971 Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:45 +01:00
Neil Armstrong
23d34ce372 Use PSA HMAC API in ssl_cookie_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:45 +01:00
Neil Armstrong
d633201279 Import PSA HMAC key in mbedtls_ssl_cookie_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:18 +01:00
Andrzej Kurek
09e803ce0d Provide a dummy implementation of timing.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek
108bf520e0 Add a missing guard for time.h in net_sockets.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Neil Armstrong
bca99ee0ac Add PSA key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 10:20:20 +01:00
Neil Armstrong
e87804920a Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:54:16 +01:00
Neil Armstrong
b556a42656 Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
f47135756c Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
0d46786034 Fix style issue in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
f1b564bb8d Check psa_destroy_key() return in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
18f43c7304 PK: RSA decrypt PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
e4edcf761d Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:46:41 +01:00
Neil Armstrong
ff70f0bf77 Check psa_destroy_key() return in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
edcc73c992 Fix 80 characters indentation in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
dab14de96a Use now shared ECP_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
15021659d1 Move pk_ecdsa_sig_asn1_from_psa() before ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
5874aa38f7 Fix style issue in find_ecdsa_private_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
cf5a215a43 Check psa_destroy_key() return in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
e960690b89 PK: ECDSA signing PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
db69c5213f Use new PSA to mbedtls PK error mapping functions in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:41:23 +01:00
Neil Armstrong
66fa769ae8 Fix 80 characters indentation in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
4b1a059f7d Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
48a9833cdf Check psa_destroy_key() return in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
e4f28688fd Fix comment typo in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
9854568204 PK: RSA signing PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
3770e2483f Use new PSA to mbedtls PK error mapping functions in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:37:33 +01:00
Neil Armstrong
deb4bfb2b9 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong
9dccd866c3 Check psa_destroy_key() return in ecdsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong
7dd3b20d36 Check psa_destroy_key() return in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong
ac014ca5d9 Fix comment typos in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong
96a16a429b PK: RSA encrypt PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Gilles Peskine
1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls 
Rename, move and refine PSA to mbedtls PK errors mappings
 2022-03-03 13:30:29 +01:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters 
Add function to get message digest info from context
 2022-03-02 16:44:26 +01:00
Gilles Peskine
e8c8300190
Merge pull request #5581 from superna9999/pk-move-rename-rsa-ec-key-sizes 
Move max sizes of RSA & EC DER keys into public header
 2022-03-02 16:41:53 +01:00
Neil Armstrong
6828d8fdc4 Return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if MAC algorithm isn't supported in ssl_tls.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:11 +01:00
Neil Armstrong
6958bd0206 Clean aux_out in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:11 +01:00
Neil Armstrong
4313f55a13 Simplify error handling of PSA mac operationsg in ssl_msg.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:04 +01:00
Neil Armstrong
321116c755 Remove spurious debug in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:06:15 +01:00
Przemek Stekiel
e894c5c4a5 Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-02 08:45:56 +01:00
Paul Elliott
06898650f9
Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify 
TLS1.3: Add write client Certificate and CertificateVerify
 2022-03-01 18:42:00 +00:00
Przemek Stekiel
15565eeb59 Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 17:01:39 +01:00
Neil Armstrong
19915c2c00 Rename error translation functions and move them to library/pk_wrap.* 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 15:21:02 +01:00
Przemek Stekiel
a81aed2dae Clean up init values of psa crypto status and fix switch default case 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 15:13:30 +01:00
Przemek Stekiel
f110dc05be Clenup conditional compilation flags. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:48:05 +01:00
Przemek Stekiel
dcab6ccb3b Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:29:49 +01:00
Neil Armstrong
0f49f83625 Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:05:33 +01:00
Neil Armstrong
e9ecd27890 Rename max sizes of RSA & EC DER keys defines 
Rename to match the required pattern of defines:
'^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:03:21 +01:00
Neil Armstrong
e0326a6acc Move max sizes of RSA & EC DER keys into private pkwrite.h 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 09:58:58 +01:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list 
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0 Add server certificate selection callback 
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 17:31:49 -05:00
Neil Armstrong
e858996413 Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf() 
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined 
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
26e6d6764e Use PSA MAC API in mbedtls_ssl_encrypt/decrypt_buf() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
0760ade761 Setup & Import HMAC keys in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Steven Cooreman
cd5be32191 Erase secrets in allocated memory before freeing said memory 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2022-02-25 11:14:59 +01:00
Andrzej Kurek
a0237f86d3 Add missing key destruction calls in ssl_write_client_key_exchange 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-25 04:36:40 -05:00
Tom Cosgrove
7e7aba8c9d Rename mbedtls_a64_crypto_sha256_check_support() to mbedtls_a64_crypto_sha256_determine_support() 
The Mbed TLS coding standard specifies that "check" functions must return 0
for success (i.e. feature present), while "has" functions should return 1 for
true. Since we were using "check" to do the actual check, and "has" to get the
cached value, having inverted values here would be confusing.  Therefore,
rename "check" to "determine", as that's what those functions are doing.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-24 08:33:11 +00:00
Jerry Yu
71f36f1d2e change alert message type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 17:34:29 +08:00
Neil Armstrong
39b8e7dde4 Add, Initialize & Free HMAC keys in mbedtls_ssl_transform 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-23 09:24:57 +01:00
Jerry Yu
0b7b101b3b fix warnings 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 12:26:48 +08:00
Jerry Yu
2ff6ba1df0 Remove rsa_pss_rsae_sha256 support. 
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 10:38:25 +08:00
Przemyslaw Stekiel
91ebfc0402 Adapt compilation flags for ECC key derivation 
Use conditional compilation flags for building ECC key derivation code consistent with flags used for mbedtls_ecc_group_of_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 15:50:30 +01:00
Neil Armstrong
3f9cef4547 Remove actual and use new PSA to mbedtls PK errors mapping functions 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 15:44:39 +01:00
Neil Armstrong
ea761963c5 Add specialized PSA to mbedtls PK/RSA error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Neil Armstrong
cd501f406e Add specialized PSA to mbedtls PK/ECDSA error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Neil Armstrong
a3fdfb4925 Introduce new PSA to mbedtls PK error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Przemyslaw Stekiel
76960a7217 mbedtls_mpi_read_binary() document that function guarantees to return an MPI with exactly the necessary number of limbs and remove redundant call to mbedtls_mpi_grow() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
aeaa4f0651 Code optimization 
- fix codding style
- fix comments and descriptions
- add helper function for montgomery curve
- move N-2 calculation outside the loop
- fix access to <data> bytes: *data[x] -> (*data)[x]

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
6d3d18b2dc psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code 
Perform the following optimizations:
- fix used flags for conditional compilation
- remove redundant N variable
- move loop used to generate valid k value to helper function
- fix initial value of status
- fix comments

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
924815982a Workaround for VS compiler build error 
The following error was reported by CI for win32/release builds:

37>Done Building Project "C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\gen_entropy.vcxproj.metaproj" (Rebuild target(s)).
67>c:\builds\workspace\mbed-tls-pr-head_pr-5139-head\worktrees\tmp_nn5muy8\library\psa_crypto.c(4840): fatal error C1001: An internal error has occurred in the compiler. [C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\key_ladder_demo.vcxproj]
         (compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 228)
          To work around this problem, try simplifying or changing the program near the locations listed above.
         Please choose the Technical Support command on the Visual C++
          Help menu, or open the Technical Support help file for more information

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
e33ae7186e psa_crypto.c: adapt macros 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
dc215f4b97 Simplify calculations for clear mask 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
d80b6ed46d Use loop instead goto and fix misleading variable name 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
dc8d7d9211 fix mbedtls/psa status code mismatch 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
871a336028 Remove redundant psa_generate_derived_ecc_key_weierstrass_check_config() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
aaa1ada086 psa_generate_derived_ecc_key_weierstrass_check_config: Build only when ECC enabled 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
50fcc535e5 Add Weierstrass curve/bits consistancy check + negative test vectors 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
58ce8d8fb6 Add support for Montgomery curves 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
705fb0f918 Only Weierstrass curves supported 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
c6e4c512af psa_crypto.c: fix warning on windows compiler 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
1dfd1224dc psa_generate_derived_ecc_key_helper: compile only when ECC is supported 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
653481632e psa_generate_derived_ecc_key_helper: fix bugs found during testing 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
d8cdcba970 Move derivation of ECC private key to helper function and refactor code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel
1608e33606 PSA: implement key derivation for ECC keys 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Jerry Yu
782720787f Refactor write_certificate_verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:28:13 +08:00
Jerry Yu
2124d05e06 Add sha384 and sha512 case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92 Add non support sig alg check and test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
c8d8d4e01a fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c add rsa_pss_rsae_sha256 write support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
3391ac00d3 fix various issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5 Change state machine 
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
537530d57a Add certificate request echo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
3e536442f5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
a23b9d954c fix undefine error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
7399d0d806 refactor write certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
1bb5a1ffe3 Implement received sig_algs check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
32e0c2d526 fix server only build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
90f152dfac fix psk only build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
72637c734b fix write certificate fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
8511f125af Add certificteVerify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
5cc3506c9f Add write certificate and client handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
566c781290 Add dummy state for client_certifiate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1 
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
 2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa 
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
 2022-02-21 16:58:57 +01:00
Gabor Mezei
d860e0f18b
Add comment 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei
0e7c6f4961
Check return value of psa_destroy_key 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei
26c6741c58
Add better name for variable. 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei
320d21cecf
Update documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei
c5efb8e58b
Use PSA error code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:38 +01:00
Gabor Mezei
89c1a95f8f
Delete leftover code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:59 +01:00
Gabor Mezei
b1f53976ee
Add documentation for mbedtls_psa_hkdf_extract 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:59 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible 
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:57 +01:00
Gabor Mezei
9f4bb319c9
Implement HKDF extract in TLS 1.3 based on PSA HMAC 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:23:29 +01:00
Gilles Peskine
66971f8ab1 Add prototype for automatically generated debug helper 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3 
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
e1a0c25f71 New function to access the TLS version from a context as an enum 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Tom Cosgrove
b9987fc344 Handle MBEDTLS_SHA256_USE_A64_* on Windows on ARM64 too 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-21 12:26:11 +00:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build 
TLS1.3:Enable tls13 only build
 2022-02-21 11:22:37 +00:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard
9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac 
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
 2022-02-21 09:30:31 +01:00
Jerry Yu
f1b23caa4e move wrong comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
18621dfd23 remove extra empty line 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
50f2f703a7 remove extra guards 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
840fbb2817 guards populate_transform reference 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
4f9e3efbeb move session_save/load_tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
d9d91da7c7 move sig_hash_* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
ee40f9d4b3 move get_key_exchange_md_tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
9bccc4c63f move populate_transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
e93ffcd2c7 move tls_prf_get_type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
392112c058 move tls12prf_from_cs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
0b3d7c1ea1 move parse_finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
3c8e47bbbf move write_finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
2a9fff571d move wrapup 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
aef0015ba0 move wrapup_free_hs_transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
b7ba49ef74 move calc_finished_tls_sha384 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
615bd6f5b9 move calc_finished_tls_sha256 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
d952669ad8 move write_certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
c2c673da59 move resend_hello_request 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
ce3dca4175 move psk_derive_premaster 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
c1cb384708 move calc_verify_tls_sha384 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
8392e0dae4 move calc_verify_tls_sha256 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
d62f87e151 move derive_keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
2a7b5ac791 move compute_master 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
d6ab235972 move use_opaque_psk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
f009d86186 move set_handshake_prfs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
dc7bd17d11 move tls_prf_sha256/384 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
ed14c93008 add static prototypes 
prepare for moving functions

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu
53d23e2c95 Guards tls_prf functions with TLS1_2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
c73c618094 Wrap function not used by test_tls13_only 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

# Conflicts:
#	library/ssl_tls13_generic.c
 2022-02-21 09:06:00 +08:00
Jerry Yu
bef175db96 Wrap derive_keys with TLS1_2 option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
cc43c6bee5 fix coding style issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
e754193e87 Remove guard inside ssl_srv.c 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
fb4b6478ee tls13_only: improve guards of files. 
To improve readability of the preprocess guards.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
db8c48aaff tls13_only:Remove unnecessary functions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
7d2396332d fix wrong setting of max_minor version 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
c5aef88be6 tls13_only: guard ssl_{cli,srv}.c with TLS1_2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
c10f6b4735 tls13_only: simple test pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
c3091b1c8c tls13_only: compile pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Andrzej Kurek
d70fa0e327 Restructure error handling in mbedtls_pk_verify_ext 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-17 10:51:15 -05:00
pespacek
3015148ae6 Improving readability 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-17 16:08:23 +01:00
Gabor Mezei
8e3602569b
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 
feat: Update test_suite_psa_its to NOT use UID=0
 2022-02-17 11:49:33 +01:00
Gilles Peskine
57b1ff39c2
Merge pull request #5377 from hanno-arm/ecp_add_mixed_fewer_mpis 
Minor improvements to ECC arithmetic subroutines
 2022-02-17 10:27:18 +01:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto 
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
 2022-02-16 17:33:47 +01:00
Andrzej Kurek
59550537f0 Change signature_length type to size_t 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-16 07:46:42 -05:00
Andrzej Kurek
4a953cdd9f pk: properly handle signatures in larger buffers when using PSA 
As stated in function documentation.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-16 06:13:35 -05:00
Gabor Mezei
8d5a4cbfdb
Check return value of psa_destroy_key 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:23:17 +01:00
Gabor Mezei
833713c35c
Add better name for variable 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:16:08 +01:00
Andrzej Kurek
8666df6f18 Add signature length mismatch handling when using PSA in pk_verify_ext 
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 08:23:02 -05:00
Andrzej Kurek
90ba2cbd0a Cosmetic changes to return placement and variable naming 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 08:18:44 -05:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref 
Ensure ctr_drbg is initialised every time in fuzz_server
 2022-02-15 10:31:03 +01:00
Ronald Cron
b788c044b7 Use PSA status to Mbed TLS error code conversion function 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-15 09:14:15 +01:00
Manuel Pégourié-Gonnard
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa 
Cleanup PSA-based ECDHE in TLS 1.2
 2022-02-15 09:09:07 +01:00
Przemyslaw Stekiel
0f5ecefbe9 Clean up the code 
- remove redundant local buffer
- fix code style

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-15 08:53:36 +01:00
Przemyslaw Stekiel
4b3fff43a8 Destroy ecdh_psa_privkey on HRR 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-15 08:53:26 +01:00
Przemyslaw Stekiel
169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 17:15:04 +01:00
lhuang04
86cacac91a Port ALPN support for tls13 client from tls13-prototype 
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-02-14 08:03:32 -08:00
pespacek
a6e955e729 X.509: x509write_crt_set_key_identifier created 
Function mbedtls_x509write_crt_set_key_identifier
was implemented to provide functionality of both
mbedtls_x509write_crt_set_authority_key_identifier
and
mbedtls_x509write_crt_set_subject_key_identifier.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-14 15:20:57 +01:00
pespacek
a7a646986f Improving readability 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-14 15:18:43 +01:00
pespacek
b9f07a79a7 Changing buffer size checks. 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-14 15:13:26 +01:00
pespacek
3110c7b340 Changing error codes. 
Change from MBEDTLS_ERR_ERROR_GENERIC_ERROR
to MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
where PSA crypto is used.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-14 15:07:41 +01:00
PeterSpace
c2774a3ad4 Update library/psa_its_file.c 
Signed-off-by: pespacek <peter.spacek@silabs.com>
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
 2022-02-14 12:24:56 +01:00
Przemyslaw Stekiel
4f419e55a1 ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:19:53 +01:00
Przemyslaw Stekiel
c0824bfb11 Change mbedtls_ssl_tls13_key_schedule_stage_handshake() to use psa_raw_key_agreement() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:19:45 +01:00
Przemyslaw Stekiel
6d6aabdb0d Remove unused function: ssl_tls13_check_ecdh_params() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:13:10 +01:00
Przemyslaw Stekiel
9e23ddb09d Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code. 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:13:00 +01:00
Ronald Cron
f6893e11c7 Finalize PSA hash operations in TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 16:10:34 +01:00
Przemyslaw Stekiel
ea859c24b7 Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA 
Generate ECDH private key using psa_generate_key()
Export the public part of the ECDH private key using psa_export_public_key()

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-11 15:17:05 +01:00
Paul Elliott
00738bf65e Ensure ctr_drbg is initialised every time 
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-10 18:38:53 +00:00
Przemyslaw Stekiel
b15f33d496 Enable ecdh_psa_xxx fields in struct mbedtls_ssl_handshake_params for TLS 1.3 
These fields need to be enabled for 1.3 even if MBEDTLS_USE_PSA_CRYPTO isn't (1.3 should always use PSA).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-10 15:24:27 +01:00
Gabor Mezei
9607ab4dbd
Prevent function not used compilation error 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:24 +01:00
Gabor Mezei
a3eecd242c
Implement HKDF expand in TLS 1.3 based on PSA HMAC 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:23 +01:00
Glenn Strauss
a941b62985 Create public macros for ssl_ticket key,name sizes 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 15:28:28 -05:00
Glenn Strauss
a950938ff0 Add mbedtls_ssl_ticket_rotate for ticket rotation. 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:15 -05:00
Andrzej Kurek
7db1b78fff Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO 
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-09 14:13:44 -05:00
Jerry Yu
7840f81303 fix client_auth fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-09 19:43:22 +08:00
Manuel Pégourié-Gonnard
62b49cd06a
Merge pull request #5472 from yuhaoth/pr/move-client-auth 
Move client_auth to handshake
 2022-02-09 10:57:00 +01:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request 
add tls1_3 read certificate request
 2022-02-09 09:51:55 +01:00
Xiaofei Bai
7c8b6a97b9 Update CertificateRequest skip condition 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 15:21:13 +00:00
Jerry Yu
5c7d1cce97 fix typo error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 21:08:29 +08:00
Jerry Yu
2d9a694088 change type of client_auth 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 21:07:10 +08:00
pespacek
e990100ddb BUGFIX: psa_its_set now rejects UID = 0 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 14:05:41 +01:00
pespacek
7599a7744e X.509: use PSA for hashing under USE_PSA_CRYPTO 
When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than
mbedtls_md_xxx.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 11:27:42 +01:00
Xiaofei Bai
c234ecf695 Update mbedtls_ssl_handshake_free() and address review comments. 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 10:26:42 +00:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa 
TLS Cipher: use PSA crypto
 2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard
5d6053f548 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:26:19 +01:00
Xiaofei Bai
51f515a503 update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 07:28:04 +00:00
Jerry Yu
0ff8ac89f5 fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 10:10:48 +08:00
Przemyslaw Stekiel
c499e33ed0 ssl_msg.c: Change message in MBEDTLS_SSL_DEBUG_RET() to be the failed function name instead current function name 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-07 15:12:05 +01:00
Manuel Pégourié-Gonnard
ff229cf639 Add debug message for wrong curve 
The non-PSA path has a debug message here, so let's have a similar one
in the PSA case - just add the curve ID to be a bit more informative.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 12:00:32 +01:00
Manuel Pégourié-Gonnard
422370d633 Improve a comment and fix some whitespace 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 11:55:21 +01:00
Przemyslaw Stekiel
c8a06feae6 ssl_msg.c: Optimize null/stream cipher decryption/encryption 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-07 10:52:47 +01:00
Przemyslaw Stekiel
98ef6dca68 Remove redundant new lines 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-07 08:04:39 +01:00
Przemyslaw Stekiel
6928a5164d Compile mbedtls_ssl_cipher_to_psa() conditionally under MBEDTLS_USE_PSA_CRYPTO only 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467 Fix comments, code style, remove debug code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
6b2eedd25f ssl_msg.c: add debug code for psa failures 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:14 +01:00
Manuel Pégourié-Gonnard
141be6cc7f Fix missing check on server-chosen curve 
We had this check in the non-PSA case, but it was missing in the PSA
case.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
0d63b84fa4 Add mbedtls_ssl_check_curve_tls_id() (internal) 
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).

Note that new function doesn't depend on ECP_C, as it only requires
mbedtls_ssl_get_groups(), which is always available. As a general rule,
functions for defining and enforcing policy in the TLS module should not
depend on low-level modules but work with TLS-level identifiers are much
as possible, and this new function follows that principle.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
3caa0edb9b Remove dead preprocessor code 
There's no way currently (see below regarding the future) that ECC-based
key exchanges are enabled without ECP_C being defined. So, the #if was
fully redundant with the checks surrounding the function, as it always
evaluated to true.

The situation arose as, in the old days (before Mbed TLS 2.0),
mbedtls_ssl_conf_curves() (or ssl_set_curves() as it was called back
then) was optional, controlled by its own compile-time option
POLARSSL_SSL_SET_CURVES. So, in turn mbedtls_ssl_check_curve() depended
on POLARSSL_SSL_SET_CURVES too, and all calls to it were guarded by
that.

When it was made non-optional, a blind
s/POLARSSL_SSL_SET_CURVES/MBEDTLS_ECP_C/ was done, which resulted in
stupid situations like this with redundant checks for ECP_C.

Note regarding the future: at some point it will be possible to compile
with ECC-based key exchanges but without ECP_C. This doesn't change
anything to the reasoning above: mbedtls_ssl_check_curve() will be
available in all builds where ECC is used; it will just need a new
definition (with new guards), but that doesn't change anything for its
callers.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
4a0ac1f160 Remove mbedtls_psa_tls_ecpoint_to_psa_ec() 
Same reasons as for the previous commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
58d2383ef4 Remove mbedtls_psa_tls_psa_ec_to_ecpoint() 
Initially this function was doing something because the output format of
psa_export_public() didn't match the ECPoint format that TLS wants.

Then it became a no-op then the output format of psa_export_public()
changed, but it made sense to still keep the function in case the format
changed again. Now that the PSA Crypto API has reached 1.0 status, this
is unlikely to happen, so the no-op function is no longer useful.

Removing it de-clutters the code a bit; while at it we can remove a
temporary stack buffer (that was up to 133 bytes).

It's OK to remove this function even if it was declared in a public
header, as there's a warning at the top of the file saying it's not part
of the public API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:14 +01:00
Manuel Pégourié-Gonnard
e5119898e4 Improve a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:13 +01:00
Przemyslaw Stekiel
d66387f8fa Init psa status to PSA_ERROR_CORRUPTION_DETECTED 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
b97556e8d1 mbedtls_ssl_encrypt/decrypt_buf: remove dead code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:29 +01:00
Przemyslaw Stekiel
f9cd60853f ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-01 11:25:55 +01:00
Manuel Pégourié-Gonnard
9cb7b8d263
Merge pull request #5469 from Unity-Technologies/windows-arm64-workaround 
Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
 2022-02-01 09:21:27 +01:00
Tautvydas Žilys
40fc7da101 Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1. 
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
 2022-01-31 13:34:01 -08:00
Przemyslaw Stekiel
77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
be47ecf5e2 mbedtls_ssl_get_record_expansion: use same condidion set as for non-psa build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 17:50:00 +01:00
Przemyslaw Stekiel
2c87a200a3 ssl_write_encrypt_then_mac_ext(): adapt to psa crypto 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
399ed51185 Fix condition in mbedtls_ssl_get_record_expansion 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
e5c2238a99 Move mbedtls_ssl_cipher_to_psa() and psa_status_to_mbedtls() defs out of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED build flag 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. 
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1d714479a3 mbedtls_ssl_get_record_expansion: rework switch statement for psa 
As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e88477844c Adapt the mbed tls mode: ccm or gcm or cachapoly to psa version 
mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_GCM || mode == MBEDTLS_CHACHAPOLY is equivalent to PSA_ALG_IS_AEAD( alg ).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
221b52791e ssl_msg.c: fix parm in call to mbedtls_ssl_decrypt_buf() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
9b22c2b1e6 Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
6be9cf542f Cleanup the code 
Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
d4eab57933 Skip psa encryption/decryption for null cipher 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
ce09e7d868 Use psa_status_to_mbedtls() for psa error case 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
fe7397d8a7 Fix key attributes encrypt or decrypt only (not both) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
dd7b501c92 Move PSA init after taglen is set 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e87475d834 Move psa_status_to_mbedtls to ssl_misc.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
8398a67e31 Fix description of the translation function 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1fe065b235 Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
2e9711f766 mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
b37fae122c mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
76e1583483 Convert psa status to mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
11a33e6d90 Use PSA_BITS_TO_BYTES macro to convert key bits to bytes 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ae77b0ab28 mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ffccda45df ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ce37d11c67 mbedtls_ssl_transform_free(): fix destruction of psa keys 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
8f80fb9b1d Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
44187d7a3e Extend mbedtls_ssl_transform struct for psa keys and alg 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
430f337b49 Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size. 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys 
Swap the client and server random for TLS 1.3 f_export_keys
 2022-01-28 12:09:19 +00:00
Xiaofei Bai
6d42bb430c Update mbedtls_ssl_handshake_free() 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard
f7d704dbd2 Avoid dead code in some configurations 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-28 10:05:56 +01:00
Xiaofei Bai
f5b4d25cfa Add received_sig_algs member to struct mbedtls_ssl_handshake_params 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-28 06:37:15 +00:00
Jerry Yu
fb28b88e26 move client_auth to handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-28 11:05:58 +08:00
lhuang04
a3890a3427 Swap the client and server random for TLS 1.3 
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-01-27 06:00:43 -08:00
XiaokangQian
8499b6ce25 Only free verify_cookie in tls 1.3 case. 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 09:00:11 +00:00
Xiaofei Bai
82f0a9a1db Rebase and address review comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-27 07:53:52 +00:00
XiaokangQian
a909061c2a Refine HRR parse successfully message in test cases 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 03:48:27 +00:00
XiaokangQian
34909746df Change cookie free code and some comments 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 02:25:04 +00:00
Tautvydas Žilys
60165d7708 Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug. 
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
 2022-01-26 15:44:10 -08:00
XiaokangQian
52da558103 Change code base on comments 
Align the alert type in parse_server_hello
Remove MBEDTLS_SSL_COOKIE_C guard
Enable cookie for both DTLS and TLS1.3

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
aec1f3e913 Cookie fields are used only by DTLS 1.3 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
b119a35d07 Refine fatal alert in parse_server_hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
d59be77ce7 Refine code based on comments 
Add comments for parse hrr key share and cookie
Change variable names based on RFC8466
Refine fatal allerts in parse server hello and hrr

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
0ece998287 Refine code in mbedtls_ssl_reset_transcript_for_hrr 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
f1e7d12cb6 Fix compile issues in mbedtls_ssl_session_reset_msg_layer 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
43550bd761 Prepare function to parse hrr cookie extension 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
2b01dc30cb Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d Change code base on comments 
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81 Update code base on comments 
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
53f20b71c5 Improve ssl_tls13_parse_server_hello 
Avoid coping random bytes in hrr
Send illegal parameter alert when cipher suite mismatch
Send illegal parameter alert when supported_version not exist

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
d9e068e10b Change code based on comments 
Align coding styles
Add hrr parameter for ssl_tls13_parse_server_hello
Add reset steps for SHA384 in HRR

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
8945db36ab Reduce paramter hrr from ssl_tls13_parse_server_hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
b48894eca4 Add buffer check for named group 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
16acd4b3e4 Reject the second HRR earlier and align naming styles 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
b851da8a44 Re-construct the code to merge hello and hrr based on comments 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
0b56a8f85c Replace curve_list with group_list and add update test scripts 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
51eff22c9b Align oode style with server hello parse 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
647719a172 Add hello retry request in client side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:50:06 +00:00
Xiaofei Bai
69fcd39774 Update CertificateRequest tests and the parsing function 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:32:29 +00:00
Xiaofei Bai
de3f13e0b8 update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:54 +00:00
Xiaofei Bai
f6d3696eda fix test failures 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:54 +00:00
Xiaofei Bai
a0ab777cfc update based on comments. 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:54 +00:00
Xiaofei Bai
e1e344213a Add TLS1.3 process certificate request 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:52 +00:00
Ronald Cron
f51b79c297
Merge pull request #5355 from yuhaoth/pr/remove-duplicate-sig-alg-ext 
Remove duplicate write signature algorithms extension
The failure of ABI-API-checking is expected.
 2022-01-26 10:05:26 +01:00
Jerry Yu
ed5e9f431d Change ecdsa sig_algs order for tls1.3 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-26 12:41:12 +08:00
Manuel Pégourié-Gonnard
9d95d81eae
Merge pull request #5359 from hanno-arm/mpi_montmul_remove_dead_code 
Remove redundant write operation in Montgomery multiplication
 2022-01-25 13:00:19 +01:00
Jerry Yu
0b994b8061 fix typo error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 17:22:12 +08:00
Jerry Yu
53037894ab change the defaut sig_algs order 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 14:38:01 +08:00
Jerry Yu
18c833e2eb fix tls1_2 only sig_algs order issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 14:38:01 +08:00
Jerry Yu
f377d644f5 Refactor duplicate check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 14:38:01 +08:00
Jerry Yu
6ade743a43 Add mbedtls_printf alias for !PLATFORM_C 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 14:38:01 +08:00
Jerry Yu
370e146acb fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
909df7b17b Refactor *_sig_algs tables 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
b476a44fc6 Add static assert check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
971988528d fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
941e07ff02 fix test_no_platform fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
1a8b481ce6 Remove duplicated signature algorithm in default settings 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
600ded7ea5 Reserve end tag space at sig_algs_len init. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
a68dca24ee move overflow inside loop 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
8afd6e4308 fix typo issues in comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
eb821c6916 remove check_sig_hash 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
24811fb2e0 replace check_sig_hash with is_offered 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
1bab301c0d Add signature algorithm supported check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
7ddc38cedb fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
4131ec1260 Add signature algorithm length check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
a69269a711 change sig_algs_len unit to byte 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
713013fa80 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
e12f1ddcfa fix check names fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
11f0a9c2c4 fix deprecated-declarations error 
replace sig_hashes with sig_alg

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
6106fdc085 fix build fail without TLS13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
f017ee4203 merge write sig_alg of tls12 and tls13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

# Conflicts:
#	library/ssl_misc.h
 2022-01-25 12:46:17 +08:00
Jerry Yu
1abd1bc22f Change write_sig_alg_ext of tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
2d0bd32982 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
0e5bcb6bf5 Replace directly access for sig_hashes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:16 +08:00
Jerry Yu
08e2ceae18 Remove directly access for tls13_sig_algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:16 +08:00
Jerry Yu
afdfed16d0 add get sig_algs helper function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:16 +08:00
Jerry Yu
18cd43909b Align signature_algorithms extension name 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:16 +08:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Dave Rodgman
b032685543
Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc 
mbedtls_pk_parse_key: don't allocate if not needed
 2022-01-24 10:03:48 +00:00
Gilles Peskine
6d6d93ea4a
Merge pull request #5350 from AndrzejKurek/psa-aead-invalid-tag-lengths-setup 
Detect invalid tag lengths in psa_aead_setup
 2022-01-21 21:46:37 +01:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes 
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
 2022-01-21 21:46:08 +01:00
Andrzej Kurek
f881601c91 Detect invalid tag lengths in psa_aead_setup 
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-20 07:40:12 -05:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes 
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
 2022-01-18 09:16:25 +01:00
Ronald Cron
188ed19456
Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext 
Remove duplicate function for writing supported_groups extension
 2022-01-17 09:13:14 +01:00
Andrzej Kurek
63439eda62 Return an error for IV lengths other than 12 with ChaCha20+Poly1305 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3 Return an error for IV lengths other than 12 with ChaCha20 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard
73839e02a7
Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat 
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
 2022-01-14 10:41:06 +01:00
Bence Szépkúti
aa3a6e4ea7 Fix brace placement 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-13 16:26:03 +01:00
Bence Szépkúti
39fb9d170b Rename helper function to psa_aead_check_algorithm 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-13 14:33:45 +01:00
Jerry Yu
d491ea4f18 fix comment issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-13 16:15:25 +08:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-13 00:05:48 -05:00
Jerry Yu
b925f21806 fix comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 11:17:02 +08:00
Jerry Yu
f0fede56a6 minor performance improvement 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 10:57:47 +08:00
Jerry Yu
1510cea0f3 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 10:56:49 +08:00
Jerry Yu
3ad14ac9e9 Add named group IANA value check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 17:13:16 +08:00
Jerry Yu
f46b016058 skip some extensions if ephemeral not enabled 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 16:28:00 +08:00
Jerry Yu
63282b4321 Refactor write supported group 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 15:43:53 +08:00
Hanno Becker
bae3023576 Make more use of helper function for init/free of MPI array 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-11 05:06:54 +00:00
Jerry Yu
7f029d8a94 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 11:08:53 +08:00
Przemyslaw Stekiel
2ecfd57b93 psa_asymmetric_decrypt: move build-in impl to mbedtls_psa_asymmetric_decrypt 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00