Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
...
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Neil Armstrong
1039ba5c98
Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:33:01 +02:00
Neil Armstrong
ede381c808
Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:33:01 +02:00
Neil Armstrong
3cae167e6a
Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fdf20cb513
Fix command indentation in ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
2d63da9269
Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
d6e2759afb
Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fb0a81ece9
Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
5a1455d8d5
Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
3bcef08335
Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
549a3e4737
Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
039db29c7d
Implement PSA server-side ECDHE-PSK
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:07 +02:00
Neil Armstrong
e88d190f2e
Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-04 11:27:57 +02:00
Neil Armstrong
f716a700a1
Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-04 11:23:46 +02:00
Neil Armstrong
91477a7964
Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
1335222f13
Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
f788253ed3
Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
104a7c1d29
Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
8113d25d1e
Add ecdh_psa_shared_key flag to protect PSA privkey if imported
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
5cd5f76d67
Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
4f33fbc7e9
Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
306d6074b3
Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
062de7dd79
Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
1f4b39621b
Implement PSA server-side ECDH-RSA/ECDSA
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Ronald Cron
3cffc5ccb1
tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:59:44 +02:00
Ronald Cron
90f012037d
ssl_tls12_server.c: Simplify TLS version check in ClientHello
...
The TLS server code only support TLS 1.2 thus simplify
the check of the version proposed by the client.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
8457c12127
ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
b894ac7f99
ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
de1adee51a
Rename ssl_cli/srv.c
...
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00