mbedtls

Author	SHA1	Message	Date
Przemek Stekiel	47e3cb1875	ssl_tls13_generic.c: adapt guards for MBEDTLS_SHAxxx_C Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Jerry Yu	db8c5faed7	Add getting session ticket for client - Move ssl_get_psk_to_offer to `ssl_tls13_client.c` - Rename to `ssl_tls13_get_psk_to_offer` - Add session ticket parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Andrzej Kurek	a242e83b21	Rename the sha384 checksum context to reflect its purpose Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:02:04 -04:00
Jerry Yu	95b743ca17	Rename get_pk_type_and_md_alg The function is for both tls12 and tls13 now. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Manuel Pégourié-Gonnard	f6b8c3297a	Merge pull request #6065 from mpg/explore2 Driver-only hashes: RSA 1.5 and PK + strategy doc	2022-07-28 10:43:38 +02:00
XiaokangQian	3ad67bf4e3	Rename functions and add test messages Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	8698195566	Address comments of various issues Improve comments Change coding style Rename functions Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	008d2bf80b	Address comments in psk client review Improve comments Refine cipher suite related code in psk Refine get_psk_offered() Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
Manuel Pégourié-Gonnard	abac037a7b	Migrate from old inline to new actual function. This is mostly: sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \ library/.c tests/suites/.function This should be good for code size as the old inline function was used from 10 translation units inside the library, so we have 10 copies at least. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Ronald Cron	0e39ece23f	Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk Refactor signature algorithm chooser	2022-07-04 09:10:08 +02:00
Jerry Yu	959e5e030b	fix format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	660cb4209c	Remove pkcs1 from key cert and sig alg map Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Manuel Pégourié-Gonnard	2f244c43b4	Merge pull request #5980 from mprse/md_dep_fix Remove MD dependencies from mbedtls_x509_sig_alg_gets(), ssl_tls13_parse_certificate_verify()	2022-06-29 10:18:41 +02:00
Jerry Yu	c2e0493e6e	Add rsa_pkcs1 for cert sig match Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:18:31 +08:00
Jerry Yu	cc5391048e	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:18:30 +08:00
Jerry Yu	aebaaaf527	add debug messages Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	a1255e6b8c	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	53f5c15155	Add debug message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	80dd5db808	Remove pkcs1 from certificate verify. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	f085678879	remove unnecessary check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	0c6be8f863	move big function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	f3b46b5082	Add debug message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:05 +08:00
Jerry Yu	d099cf0325	fix unused variable issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:47 +08:00
Jerry Yu	f55886a217	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	fb526693c1	Rename sig_alg cert_key check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	7ab7f2b184	Remove pkcs1 from certificate_verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Jerry Yu	f249ef7821	refactor get sig algo from pk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:40 +08:00
Przemek Stekiel	4dc874453e	ssl_tls13_parse_certificate_verify(): optimize the code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-28 11:05:42 +02:00
Ronald Cron	11b5332ffc	tls13: Fix certificate extension size write Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	154d1b68d6	tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Przemek Stekiel	6a5e01858f	ssl_tls13_parse_certificate_verify(): remove md dependency Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 11:53:13 +02:00
Ronald Cron	2b1a43c101	tls13: Add missing overread check in Certificate msg parsing. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	e3dac4aaa1	tls13: Add Certificate msg parsing tests with invalid vector lengths Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:42 +02:00
Ronald Cron	9738a8d0fd	Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks TLS 1.3: Fix certificate key usage checks	2022-06-27 08:32:17 +02:00
Ronald Cron	1938588e80	tls13: Align some debug messages with TLS 1.2 ones Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Manuel Pégourié-Gonnard	a3115dc0e6	Mark static int SSL functions CHECK_RETURN_CRITICAL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:52 +02:00
Ronald Cron	30c5a2520e	tls13: Fix certificate key usage checks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-17 08:49:52 +02:00
Ronald Cron	ca3c6a5698	Merge pull request #5817 from xkqian/tls13_add_server_name Tls13 add server name	2022-06-16 08:30:09 +02:00
XiaokangQian	81802f43a2	Select certificate base on the received signature list Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-13 03:58:06 +00:00
Paul Elliott	5f2bc754d6	Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests Pr/add-tls13-moving-state-tests	2022-06-08 13:39:52 +01:00
Manuel Pégourié-Gonnard	3a833271aa	Merge pull request #5727 from SiliconLabs/feature/PSEC-3207-TLS13-hashing-HMAC-to-PSA Feature psec-3207 move TLS13 hashing and hmac to psa	2022-06-08 11:53:35 +02:00
pespacek	d9aaf768b5	Fixing CI complains. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-08 09:44:11 +02:00
pespacek	b06acd734b	Fixing PSA return status Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 13:07:21 +02:00
pespacek	670913f4dc	Fixing return value for ssl_tls13_write_certificate_body() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 10:53:39 +02:00
Jerry Yu	0a92d6c8eb	fix move state to handshake over fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-31 15:06:04 +08:00
XiaokangQian	0557c94fef	Add back SNI related code to validate_certificate Change-Id: I75883858016d4163cd7c64c3418eb3ca24fa46ea Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:10:53 +00:00
XiaokangQian	e7a5da597f	Remove SNI related code Change-Id: Ic44bdb27b1bdc5c9057078dfed936fc36bddebbe Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 00:59:29 +00:00
XiaokangQian	aca9048b5f	Change base on review Fix comments Add test cases for client authentication with empty certificate Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	989f06d52d	Change some comments base on review Change-Id: I3db2b8ca8162eb368d2f17dfeffee8b25f9edf6f Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	63e713e8ab	Fix comments Change-Id: Ib741f876f4d296df79565a2b8a2971918db1a77f Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	c3017f620f	Remove useless guards and refine checking Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:10 +00:00
XiaokangQian	189ded2b07	Remove coordinate functions and change state machine in server side Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:46:13 +00:00
XiaokangQian	6b916b1616	Add client certificate parse and certificate verify Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:40:53 +00:00
pespacek	3493587e05	FEATURE: mbedtls_md() in ssl_tls13_write_certificate_verify_body() replaced withpsa_hash_compute() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-05-23 13:10:48 +02:00
pespacek	a1378105cf	FEATURE: use psa_hash_xxx rather than mbedtls_md_xxx for TLS 1.3. ssl_tls13_parse_certificate_verify() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-05-23 13:10:47 +02:00
Jerry Yu	e3d67cb263	Improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 15:33:10 +08:00
Jerry Yu	fd5ea0458f	add compute application transform Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 14:29:48 +08:00
Jerry Yu	cc0a13fcf8	remove unnecessary empty line Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 10:14:24 +08:00
Jerry Yu	e8c1fca67c	move trafic set to generic Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 16:57:45 +08:00
Jerry Yu	d6e253ded9	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 16:57:45 +08:00
Jerry Yu	03ed50ba6a	Add handshake wrapup Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	ff2269889d	Add client finished Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Ronald Cron	9edf51d8cd	Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3 CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h. @RcColes if you eventually want to request some changes, they can be done in a follow-up PR.	2022-05-17 17:01:55 +02:00
Andrzej Kurek	5c65c5781f	Fix additional misspellings found by codespell Remaining hits seem to be hex data, certificates, and other miscellaneous exceptions. List generated by running codespell -w -L keypair,Keypair,KeyPair,keyPair,ciph,nd Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-05-11 21:25:54 +01:00
Gabor Mezei	078e803d2c	Unify parsing of the signature algorithms extension Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:08 +02:00
Jerry Yu	fbe3e64b76	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:03 +08:00
Jerry Yu	93a13f2c38	Share magic word of HRR Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:48:59 +08:00
Jerry Yu	89e103c54c	tls13: Share write ecdh_key_exchange function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
XiaokangQian	0a1b54ed73	Minor change the place of some functions Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 03:01:38 +00:00
XiaokangQian	0803755347	Update code base on review comments Refine named_group parsing Refine cipher_suites parsing Remove hrr related part Share code between client and server side Some code style changes Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:50:14 +00:00
XiaokangQian	f8ceb94fe7	Fix the parse_sig_alg_ext fail issue Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	cfd925f3e8	Fix comments and remove hrr related code Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	9b5d04b078	Share parse_key_share() between client and server Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	8840888fbc	Fix some CI issues Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	c5763b5efd	Change some code style Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	3207a32b1e	Fix unused parameter issue and not defined cookie issue Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	7807f9f5c9	Add client hello into server side Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	5b98ac9c64	TLS 1.3: Move PSA ECDH private key destroy to dedicated function Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	63d97ad0bb	Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 Add rsae sha384 sha512	2022-03-29 14:01:51 +02:00
Jerry Yu	6c6f10265d	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-25 11:09:50 +08:00
Jerry Yu	f8aa9a44aa	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 20:54:38 +08:00
Jerry Yu	8c3388620d	create sig_alg decode function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 13:34:04 +08:00
Jerry Yu	0c23fc39c3	fix various guards issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 12:20:01 +08:00
Jerry Yu	cef3f33012	Guard rsa sig algs with rsa_c and pkcs1_v{15,21} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 23:16:42 +08:00
Jerry Yu	e91a51a539	Refactor get_sig_alg_from pk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 21:42:50 +08:00
Jerry Yu	3616533d26	tls13:remove ec check from validate certification Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 19:46:05 +08:00
Jerry Yu	dddf5a0e18	Refactor get_sig_alg_from_pk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:47:19 +08:00
Jerry Yu	406cf27cb5	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	8beb9e173d	Change prototype of pk_sign_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	67eced0132	replace pk_sign with pk_sign_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	3a58b462b6	add pss_rsae_sha{384,512} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	919130c035	Add rsa_pss_rsae_sha256 support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:33 +08:00
Ronald Cron	a8b38879e1	Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-10 13:58:17 +01:00
Ronald Cron	7a94aca81a	Move state change from CLIENT_CERTIFICATE to its main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-10 13:58:04 +01:00
Ronald Cron	5bb8fc830a	Call Certificate writing generic handler only if necessary Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9f55f6316e	Move state change from CSS states to their main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	66dbf9118e	TLS 1.3: Do not send handshake data in handshake step handlers Send data (call to mbedtls_ssl_flush_output()) only from the loop over the handshake steps. That way, we do not have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE error code) on the network in handshake step handlers. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9df7c80c78	TLS 1.3: Always go through the CLIENT_CERTIFICATE state Even if certificate authentication is disabled at build time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state. It simplifies overall the code for a small code size cost when certificate authentication is disabled at build time. Furthermore that way we have only one point in the code where we switch to the handshake keys for record encryption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:50:08 +01:00

1 2 3 4 5 ...

269 commits