Jerry Yu
dca3d5ddf9
fix document issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:19:29 +08:00
Jerry Yu
0cabad375b
fix doxygen parameter wrong
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
adf861aad4
Address kex_modes check function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
e15e665cfb
fix comments and check return issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
1b7c4a464c
tls13: add key exchange modes in handshake params
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
34da3727d6
Add check read ptr macro
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
XiaokangQian
16c61aa738
TLS1.3: Alignment coding styles based on comments
...
Fix kinds of alignment issues in fetch handshake messages.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 02:14:23 +00:00
XiaokangQian
6b226b0874
Add fetch_hand_message in generic
...
This function is one common function in generic file, get it from
the encrypted extension and submit one patch independently.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 02:14:23 +00:00
gabor-mezei-arm
db9a38c672
Move contatnt-time memcmp functions to the contant-time module
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
Jerry Yu
d9a94fe3d0
Add counter length macro
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 20:10:26 +08:00
Jerry Yu
4836952f9d
fix tls1_3 prefix issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
b65eb2f3cf
Revert "tls13: add generate handshake keys"
...
This reverts commit f02ca4158674b974ae103849c43e0c92efc40e8c.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
e3131ef7f3
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
a63de352dc
Revert "tls13: add ecdh_read_public"
...
This reverts commit 6a9d2ee4df88028e352e50d4f48687ce5b0f26ac.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
000f976070
Rename get_handshake_transcript
...
- Remove tls13 prefix
- Remove TLS1_3 macro wrap
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
c7875b5f11
add set in/out transform utils
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
d3f73349a7
tls13: add ecdh_read_public
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
7bea4bac96
tls13: add checksum of handshake message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
4925ef5da1
tls13: add generate handshake keys
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
89ea321d96
tls13: add key_schedule_stage_early_data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
24c0ec31f9
tls13: add get_handshake_transcript
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
bbd5a3fded
fix pending_alert issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
394ece6cdd
Add function for set pending alert flag
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
e7047819ee
add pend fatal alert
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
bdc71888fc
Remove restartable and everest from tls1.3
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-14 19:33:31 +08:00
Jerry Yu
b60e3cf424
fix various issues
...
- format problems
- name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 16:41:02 +08:00
Jerry Yu
56fc07f7ae
add key_share extension
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 10:37:20 +08:00
Jerry Yu
e226cef124
Add NamedGroup IANA values and helper functions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
26f4d15d13
Add key exchange modes helper functions
...
Add helper functions for `tls13_kex_modes`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
8c02bb4b71
fix various comment issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 21:52:26 +08:00
Jerry Yu
2c0fbf3405
modify proc_chk macros
...
- change the parameter
- remove debug output
- remove return value modify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
a2cf7bd243
fix comment issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
67d4ed5b22
force change state type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
159c5a0e12
fix comments issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
e41dec0158
Rename write signature algorithms function
...
To keep similar name with other place.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
eecfbf001c
fix format issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
995ecd396f
fix wrong iana values and comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
5cc8f0a0d8
Add simple document for tls13 functions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
275619336a
fix name conversion issue for tls13 server entry
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
f443681f56
fix function name conversion issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
6f13f64aa6
fix various format issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
8e7ca0432e
fix extensions_present issues
...
fix comments for the mask values. follow same order
as IANA values.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
bc20bdd3a9
Implement write_partial with dummy exts
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
93bcd61a41
Add field into handshake params
...
Add `extensions_present` field. It represents
which are present.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
65dd2ccfe6
Add dummy stages for client_hello_process
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
beb3f41f2f
Add handshake_set_state helper function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Manuel Pégourié-Gonnard
5e344563e4
Merge pull request #4858 from hanno-arm/upstream_tls13_transforms
...
Upstream TLS 1.3 record transformations structure fields
2021-08-12 12:29:54 +02:00
Manuel Pégourié-Gonnard
409c8f6e1b
Merge pull request #4851 from hanno-arm/hs_msg_without_checksum
...
Add handshake message writing variant that doesn't update checksum
2021-08-12 11:54:10 +02:00
Hanno Becker
e043d15d75
Turn comments of 1.3 record transforms into Doxygen documentation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:22:52 +01:00
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform
...
Fix and test compliance of TLS 1.3 record protection
2021-08-11 16:41:51 +01:00
Hanno Becker
3aa186f946
Add transforms to be used for TLS 1.3
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 09:24:19 +01:00
Jerry Yu
b9930e7d70
Add dummy tls1.3 handshake dispatch functions
...
Base on version config, `handshack_{clinet,server}_step`
will call different step function. TLS1.3 features will
be gradully added base on it.
And a new test cases is added to make sure it reports
`feature is not available`.
Change-Id: I4f0e36cb610f5aa59f97910fb8204bfbf2825949
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Jerry Yu
60835a88c3
Add config check utils functions
...
Check configuration parameter in structure setup
function to make sure the config data is available
and valid.
Current implementation checks the version config.
Available version configs are
- tls1_3 only
- tls1_2 only
issues: #4844
Change-Id: Ia762bd3d817440ae130b45f19b80a2868afae924
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Hanno Becker
f3cce8b0e1
Add handshake message writing variant that doesn't update checksum
...
The helper `mbedtls_ssl_write_handshake_msg` writes a handshake message
and updates the handshake transcript.
With TLS 1.3, we need finer control over the checksum: updating
at message granularity is not sufficient. To allow for manual maintenance
of the checksum in those cases, refine `mbedtls_ssl_write_handshake_msg()`
into `mbedtls_ssl_write_handshake_msg_ext()` which takes a parameter
determining whether the checksum should be updated.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-07 14:29:49 +01:00
Hanno Becker
bd25755d2a
Rename ssl_populate_transform() -> ssl_tls12_populate_transform()
...
In TLS 1.2 specific code, the internal helper functions
ssl_populate_transform() builds an SSL transform structure,
representing a specific record protection mechanism.
In preparation for a subsequent commit which will introduce
a similar helper function specific to TLS 1.3, this commmit
renames ssl_populate_transform() to ssl_tls12_populate_transform().
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:52:45 +01:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1
...
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
2021-07-27 09:42:53 +02:00
TRodziewicz
299510e889
Correction to comments and changelog removed
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 16:55:11 +02:00
TRodziewicz
458280e67c
Correction to outdated comment
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-07 11:33:06 +02:00
TRodziewicz
345165c1f7
Reverting deleted macros
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-06 13:42:11 +02:00
TRodziewicz
2abf03c551
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-28 14:36:37 +02:00
Bence Szépkúti
c662b36af2
Replace all inclusions of config.h
...
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:07 +01:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api
...
Remove MFL query API and add API for maximum plaintext size of incoming records
2021-06-08 11:07:27 +02:00
Hanno Becker
df3b86343a
Fixup rebase slip in library/ssl_misc.h
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-08 05:30:45 +01:00
Manuel Pégourié-Gonnard
cac90a15ed
Hide constants for TLS 1.0 and TLS 1.1
...
ssl_server2 had a check that we never try to use a minor version lower
than 2 with DTLS, but that check is no longer needed, as there's no way
that would happen now that MBEDTLS_SSL_MINOR_VERSION_1 is no longer
public.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-04 12:29:33 +02:00
TRodziewicz
e8dd7097c3
Combine MBEDTLS_SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 13:19:08 +02:00
TRodziewicz
4ca18aae38
Corrections after the code review
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 13:38:00 +02:00
TRodziewicz
0f82ec6740
Remove the TLS 1.0 and 1.1 support
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:45:20 +02:00
Hanno Becker
9752aadd85
Make query API for state of MFL extension internal
...
This commit makes the API
- mbedtls_ssl_get_output_max_frag_len()
- mbedtls_ssl_get_input_max_frag_len()
- mbedtls_ssl_get__max_frag_len()
for querying the state of the Maximum Fragment Length
extension internal.
Rationale: The value those APIs provide to the user is in
upper bounds for the size of incoming and outgoing records,
which can be used to size application data buffers apporpriately
before passing them to mbedtls_ssl_{read,write}(). However,
there are other factors which influence such upper bounds,
such as the MTU or other extensions (specifically, the
record_size_limit extension which is still to be implemented)
which should be taken into account.
There should be more general APIs for querying the maximum
size of incoming and outgoing records.
For the maximum size of outgoing records, we already have such,
namely mbedtls_ssl_get_max_out_record_payload().
For the maximum size of incoming records, a new API will be
added in a subsequent commit.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-23 06:03:55 +01:00
Mateusz Starzyk
17011a3185
Merge branch 'development' into convert_NO_SHA384_to_positive
...
Conflicts:
library/version_features.c
programs/test/query_config.c
Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
2021-05-20 14:18:12 +02:00
Mateusz Starzyk
c6d94aba50
Fix remaining SHA384 dependencies and ifdef blocks.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 16:23:47 +02:00
Ronald Cron
fdcde47f36
Merge pull request #4458 from davidhorstmann-arm/remove-max-content-len
...
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
2021-05-17 16:36:04 +02:00
Hanno Becker
8cce50d726
Remove reference to SSLv3
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:15:52 +01:00
Hanno Becker
31351cef6f
Add missing escape character in multi-line preprocessor directive
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:14:56 +01:00
Hanno Becker
0cc4661365
Introduce helper macro for presence of stream ciphersuites
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:14:56 +01:00
Hanno Becker
fd86ca8626
Rename SOME_MODES_USE_MAC -> SOME_SUITES_USE_MAC
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:07:48 +01:00
David Horstmann
95d516f319
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-05-10 17:02:48 +01:00
Mateusz Starzyk
c301bd56f0
Merge branch 'development_3.0' into drop_old_tls_options
2021-04-15 13:55:20 +02:00
Chris Jones
84a773f8e6
Rename ssl_internal.h to ssl_misc.h
...
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00